From e5996ecea87daaeaaf1f560f267d3c70a1feb936 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lukas=20R=C3=B6mer?= Date: Tue, 4 Apr 2023 16:46:56 +0200 Subject: [PATCH 1/4] Adjust Helm chart to include Keycloak dependency and enable chart tests --- .github/workflows/helm-test.yml | 71 + charts/semantic-hub/Chart.yaml | 5 + charts/semantic-hub/config/NOTICE.txt | 1 + .../config/default-realm-import.json | 2006 +++++++++++++++++ .../templates/hub/hub-secret.yaml | 4 + .../keycloak/init-script-configmap.yaml | 7 + charts/semantic-hub/values.yaml | 41 +- 7 files changed, 2132 insertions(+), 3 deletions(-) create mode 100644 .github/workflows/helm-test.yml create mode 100644 charts/semantic-hub/config/NOTICE.txt create mode 100644 charts/semantic-hub/config/default-realm-import.json create mode 100644 charts/semantic-hub/templates/keycloak/init-script-configmap.yaml diff --git a/.github/workflows/helm-test.yml b/.github/workflows/helm-test.yml new file mode 100644 index 00000000..2f23835b --- /dev/null +++ b/.github/workflows/helm-test.yml 
@@ -0,0 +1,71 @@ +# Copyright (c) 2023 Copyright (c) 2023 Robert Bosch Manufacturing Solutions GmbH +# Copyright (c) 2023 Contributors to the Eclipse Foundation + +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. + +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +# SPDX-License-Identifier: Apache-2.0 +--- + +name: Lint and Test Charts + +on: + pull_request: + workflow_dispatch: + +jobs: + lint-test: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Kubernetes KinD Cluster + uses: container-tools/kind-action@v1 + + - name: Build image + uses: docker/build-push-action@v3 + with: + context: . 
+ file: ./backend/Dockerfile + push: true + tags: kind-registry:5000/sldt-semantic-hub:testing + + - name: Set up Helm + uses: azure/setup-helm@v3 + with: + version: v3.9.3 + + - uses: actions/setup-python@v4 + with: + python-version: "3.9" + check-latest: true + + - name: Set up chart-testing + uses: helm/chart-testing-action@v2.3.1 + + - name: Run chart-testing (list-changed) + id: list-changed + run: | + changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }}) + if [[ -n "$changed" ]]; then + echo "::set-output name=changed::true" + fi + - name: Run chart-testing (lint) + run: ct lint --validate-maintainers=false --target-branch ${{ github.event.repository.default_branch }} + + - name: Run chart-testing (install) + run: ct install --charts charts/semantic-hub + if: steps.list-changed.outputs.changed == 'true' diff --git a/charts/semantic-hub/Chart.yaml b/charts/semantic-hub/Chart.yaml index f07d9783..db81ac59 100644 --- a/charts/semantic-hub/Chart.yaml +++ b/charts/semantic-hub/Chart.yaml @@ -5,3 +5,8 @@ description: Helm Chart for the Catena-X Semantic Hub Application type: application version: 0.1.10 appVersion: 0.2.1-M1 +dependencies: + - repository: https://charts.bitnami.com/bitnami + name: keycloak + version: 13.3.0 + condition: enableKeycloak \ No newline at end of file diff --git a/charts/semantic-hub/config/NOTICE.txt b/charts/semantic-hub/config/NOTICE.txt new file mode 100644 index 00000000..3c1976cc --- /dev/null +++ b/charts/semantic-hub/config/NOTICE.txt @@ -0,0 +1 @@ +The enclosed 'default-realm-import.json' is an auto-generated configuration file for Keycloak, that contains some pre-configured realms, clients, users, and roles. \ No newline at end of file diff --git a/charts/semantic-hub/config/default-realm-import.json b/charts/semantic-hub/config/default-realm-import.json new file mode 100644 index 00000000..f5ce6718 --- /dev/null +++ b/charts/semantic-hub/config/default-realm-import.json 
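Review bot: The list-changed step publishes its result with `echo "::set-output name=changed::true"`, a workflow command GitHub has deprecated; write `echo "changed=true" >> "$GITHUB_OUTPUT"` instead so `steps.list-changed.outputs.changed` keeps driving the install step. The workflow also declares no `permissions:` block, so the job token gets the repository's default scope; checkout, lint and an install into the local kind-registry should need no more than `permissions: contents: read` at the top level. Third-party actions such as `container-tools/kind-action@v1` are referenced by mutable tag; pinning to a full-length commit SHA removes the exposure of a moved or hijacked tag. Finally, the first header line reads `# Copyright (c) 2023 Copyright (c) 2023 Robert Bosch ...`, a duplicated prefix that should be trimmed to one `Copyright (c) 2023`.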
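Review bot: The new `dependencies:` entry is added while the chart's own `version: 0.1.10` is left unchanged in the context lines; chart-testing's `ct lint` checks for a chart version increment by default, so the workflow introduced in this same patch will likely reject the chart unless a later patch in the series bumps it. The file is also left without a trailing newline (`\ No newline at end of file`). Pinning `version: 13.3.0` exactly is good, and committing the generated Chart.lock alongside would additionally record the resolved digest of the fetched Keycloak chart. Because `condition: enableKeycloak` is the only gate for this dependency, the values.yaml entry for that flag should state that the bundled default-realm-import.json ships a fixed `default-client` secret and a `testuser` password hash, so the flag is understood as a chart-test convenience rather than something to enable in a real deployment.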
@@ -0,0 +1,2006 @@ +{ + "id" : "fa40e72f-c0bb-4dc9-b80f-6f1f77e28730", + "realm" : "default-realm", + "displayName" : "", + "displayNameHtml" : "", + "notBefore" : 0, + "defaultSignatureAlgorithm" : "RS256", + "revokeRefreshToken" : false, + "refreshTokenMaxReuse" : 0, + "accessTokenLifespan" : 300, + "accessTokenLifespanForImplicitFlow" : 900, + "ssoSessionIdleTimeout" : 1800, + "ssoSessionMaxLifespan" : 36000, + "ssoSessionIdleTimeoutRememberMe" : 0, + "ssoSessionMaxLifespanRememberMe" : 0, + "offlineSessionIdleTimeout" : 2592000, + "offlineSessionMaxLifespanEnabled" : false, + "offlineSessionMaxLifespan" : 5184000, + "clientSessionIdleTimeout" : 0, + "clientSessionMaxLifespan" : 0, + "clientOfflineSessionIdleTimeout" : 0, + "clientOfflineSessionMaxLifespan" : 0, + "accessCodeLifespan" : 60, + "accessCodeLifespanUserAction" : 300, + "accessCodeLifespanLogin" : 1800, + "actionTokenGeneratedByAdminLifespan" : 43200, + "actionTokenGeneratedByUserLifespan" : 300, + "oauth2DeviceCodeLifespan" : 600, + "oauth2DevicePollingInterval" : 5, + "enabled" : true, + "sslRequired" : "external", + "registrationAllowed" : false, + "registrationEmailAsUsername" : false, + "rememberMe" : false, + "verifyEmail" : false, + "loginWithEmailAllowed" : true, + "duplicateEmailsAllowed" : false, + "resetPasswordAllowed" : false, + "editUsernameAllowed" : false, + "bruteForceProtected" : false, + "permanentLockout" : false, + "maxFailureWaitSeconds" : 900, + "minimumQuickLoginWaitSeconds" : 60, + "waitIncrementSeconds" : 60, + "quickLoginCheckMilliSeconds" : 1000, + "maxDeltaTimeSeconds" : 43200, + "failureFactor" : 30, + "roles" : { + "realm" : [ { + "id" : "4f1322e8-9db1-4e7d-a3f4-0c6bbb26d680", + "name" : "uma_authorization", + "description" : "${role_uma_authorization}", + "composite" : false, + "clientRole" : false, + "containerId" : "fa40e72f-c0bb-4dc9-b80f-6f1f77e28730", + "attributes" : { } + }, { + "id" : "b3c92d4a-63dc-41da-9d3c-f6af74d631dd", + "name" : "offline_access", + 
"description" : "${role_offline-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "fa40e72f-c0bb-4dc9-b80f-6f1f77e28730", + "attributes" : { } + }, { + "id" : "d65ff1c5-c773-45da-9616-7fd48f0b6d31", + "name" : "default-roles-cx-central", + "description" : "${role_default-roles}", + "composite" : true, + "composites" : { + "realm" : [ "offline_access", "uma_authorization" ], + "client" : { + "account" : [ "view-profile", "manage-account" ] + } + }, + "clientRole" : false, + "containerId" : "fa40e72f-c0bb-4dc9-b80f-6f1f77e28730", + "attributes" : { } + } ], + "client" : { + "default-client" : [ { + "id" : "20368ccb-ace5-4924-bb92-81c2b8cc23a2", + "name" : "uma_protection", + "composite" : false, + "clientRole" : true, + "containerId" : "f1c5d623-0c0a-4d33-92b0-adaa9436cb04", + "attributes" : { } + }, { + "id" : "aa76cb61-ed7d-4fca-8f7e-5cb53f70966d", + "name" : "add_semantic_model", + "description" : "", + "composite" : false, + "clientRole" : true, + "containerId" : "f1c5d623-0c0a-4d33-92b0-adaa9436cb04", + "attributes" : { } + }, { + "id" : "fe6832e8-1f28-4c04-84b4-502a01f9484a", + "name" : "delete_semantic_model", + "composite" : false, + "clientRole" : true, + "containerId" : "f1c5d623-0c0a-4d33-92b0-adaa9436cb04", + "attributes" : { } + }, { + "id" : "ffd7dd54-948b-4bd5-93c1-793f3fbc3d49", + "name" : "view_semantic_model", + "composite" : false, + "clientRole" : true, + "containerId" : "f1c5d623-0c0a-4d33-92b0-adaa9436cb04", + "attributes" : { } + }, { + "id" : "3ef3c54e-13c1-41b4-b979-f954f5465863", + "name" : "update_semantic_model", + "composite" : false, + "clientRole" : true, + "containerId" : "f1c5d623-0c0a-4d33-92b0-adaa9436cb04", + "attributes" : { } + } ], + "realm-management" : [ { + "id" : "2b92c6e5-ab96-425b-b4d4-fc8afa37cb0c", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "18f280c7-2d5a-43ae-a022-5c440b988f15", + "attributes" : { } + }, { 
+ "id" : "04954912-3bfa-41ef-a5d2-0307ffcbe871", + "name" : "create-client", + "description" : "${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : "18f280c7-2d5a-43ae-a022-5c440b988f15", + "attributes" : { } + }, { + "id" : "fad9c16e-a17b-40b9-9fbe-50b1100dc9d6", + "name" : "query-clients", + "description" : "${role_query-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "18f280c7-2d5a-43ae-a022-5c440b988f15", + "attributes" : { } + }, { + "id" : "aa01b137-efa9-4c21-b712-fdb7db4ea02f", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "18f280c7-2d5a-43ae-a022-5c440b988f15", + "attributes" : { } + }, { + "id" : "c09739b3-8f35-49d4-a9db-c1f4a106a342", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "18f280c7-2d5a-43ae-a022-5c440b988f15", + "attributes" : { } + }, { + "id" : "fc8477cb-2cfa-4010-bb46-bafa892314f9", + "name" : "realm-admin", + "description" : "${role_realm-admin}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "manage-users", "create-client", "query-clients", "view-realm", "manage-authorization", "manage-clients", "manage-realm", "query-groups", "view-events", "query-users", "manage-events", "view-clients", "view-authorization", "view-users", "manage-identity-providers", "query-realms", "view-identity-providers", "impersonation" ] + } + }, + "clientRole" : true, + "containerId" : "18f280c7-2d5a-43ae-a022-5c440b988f15", + "attributes" : { } + }, { + "id" : "1eb5c2f2-c6c6-4120-90e1-84b7c231e6a2", + "name" : "view-realm", + "description" : "${role_view-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "18f280c7-2d5a-43ae-a022-5c440b988f15", + "attributes" : { } + }, { + "id" : "936d8791-c1ad-4cf2-acba-ce57d647c5e0", + "name" : "manage-realm", + 
"description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "18f280c7-2d5a-43ae-a022-5c440b988f15", + "attributes" : { } + }, { + "id" : "9ae1ddbc-4aac-46ce-86fe-5c54e2a69ae8", + "name" : "query-groups", + "description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "18f280c7-2d5a-43ae-a022-5c440b988f15", + "attributes" : { } + }, { + "id" : "b4fd532b-6ddf-49fe-b4c4-30eeb04a1f40", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "18f280c7-2d5a-43ae-a022-5c440b988f15", + "attributes" : { } + }, { + "id" : "f40bd12c-274f-40c5-b669-1cfc8b3504a0", + "name" : "manage-events", + "description" : "${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "18f280c7-2d5a-43ae-a022-5c440b988f15", + "attributes" : { } + }, { + "id" : "d3f48997-48b8-4277-bc43-1cabcfb9b55d", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "18f280c7-2d5a-43ae-a022-5c440b988f15", + "attributes" : { } + }, { + "id" : "49669a24-929e-4437-839b-4ab4b370b31d", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-clients" ] + } + }, + "clientRole" : true, + "containerId" : "18f280c7-2d5a-43ae-a022-5c440b988f15", + "attributes" : { } + }, { + "id" : "0ab2f49f-10f7-42ee-b7c7-4a483e540ba0", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "18f280c7-2d5a-43ae-a022-5c440b988f15", + "attributes" : { } + }, { + "id" : "2392d385-b17e-4e3f-9c1c-931b7ef305d2", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-groups", "query-users" ] + } + 
}, + "clientRole" : true, + "containerId" : "18f280c7-2d5a-43ae-a022-5c440b988f15", + "attributes" : { } + }, { + "id" : "758ce1aa-6553-4ec8-a1eb-5e68e97e65ff", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "18f280c7-2d5a-43ae-a022-5c440b988f15", + "attributes" : { } + }, { + "id" : "8fac790a-fc04-4d94-ba50-cb246caef923", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : false, + "clientRole" : true, + "containerId" : "18f280c7-2d5a-43ae-a022-5c440b988f15", + "attributes" : { } + }, { + "id" : "8db191e8-ee73-4257-92ef-5a8cb83f3f2b", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "18f280c7-2d5a-43ae-a022-5c440b988f15", + "attributes" : { } + }, { + "id" : "480a9dd8-b27b-4e43-afb0-3b0d554df121", + "name" : "impersonation", + "description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : "18f280c7-2d5a-43ae-a022-5c440b988f15", + "attributes" : { } + } ], + "security-admin-console" : [ ], + "admin-cli" : [ ], + "account-console" : [ ], + "broker" : [ { + "id" : "dd9dcede-7d0b-4428-9fde-f0b10046fc6f", + "name" : "read-token", + "description" : "${role_read-token}", + "composite" : false, + "clientRole" : true, + "containerId" : "0407af07-737a-4b11-9810-f01445fd2735", + "attributes" : { } + } ], + "account" : [ { + "id" : "ba510b9b-01e1-434c-acc2-ec93c32d07f3", + "name" : "view-profile", + "description" : "${role_view-profile}", + "composite" : false, + "clientRole" : true, + "containerId" : "2a8533c0-6ef6-4fb2-827e-339c9dafc36c", + "attributes" : { } + }, { + "id" : "d166c04d-0d67-452c-ab95-755eca343d59", + "name" : "delete-account", + "description" : "${role_delete-account}", + "composite" : false, + "clientRole" : true, + "containerId" : 
"2a8533c0-6ef6-4fb2-827e-339c9dafc36c", + "attributes" : { } + }, { + "id" : "d858da4a-ddba-4d55-ad47-a5fe2b9e8211", + "name" : "view-groups", + "description" : "${role_view-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "2a8533c0-6ef6-4fb2-827e-339c9dafc36c", + "attributes" : { } + }, { + "id" : "430baa18-93a7-4862-96f0-0e0486302cf3", + "name" : "view-consent", + "description" : "${role_view-consent}", + "composite" : false, + "clientRole" : true, + "containerId" : "2a8533c0-6ef6-4fb2-827e-339c9dafc36c", + "attributes" : { } + }, { + "id" : "192b193d-b935-4c4e-86e2-38e7a8d6eae3", + "name" : "manage-account", + "description" : "${role_manage-account}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "manage-account-links" ] + } + }, + "clientRole" : true, + "containerId" : "2a8533c0-6ef6-4fb2-827e-339c9dafc36c", + "attributes" : { } + }, { + "id" : "8e1be348-7ff6-4c08-a252-98436e74b322", + "name" : "view-applications", + "description" : "${role_view-applications}", + "composite" : false, + "clientRole" : true, + "containerId" : "2a8533c0-6ef6-4fb2-827e-339c9dafc36c", + "attributes" : { } + }, { + "id" : "c4eba91d-7b8f-4ff6-8f4b-b908f7e2cff2", + "name" : "manage-account-links", + "description" : "${role_manage-account-links}", + "composite" : false, + "clientRole" : true, + "containerId" : "2a8533c0-6ef6-4fb2-827e-339c9dafc36c", + "attributes" : { } + }, { + "id" : "30c66374-a53b-414d-a80d-a1294304c567", + "name" : "manage-consent", + "description" : "${role_manage-consent}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "view-consent" ] + } + }, + "clientRole" : true, + "containerId" : "2a8533c0-6ef6-4fb2-827e-339c9dafc36c", + "attributes" : { } + } ] + } + }, + "groups" : [ ], + "defaultRole" : { + "id" : "d65ff1c5-c773-45da-9616-7fd48f0b6d31", + "name" : "default-roles-cx-central", + "description" : "${role_default-roles}", + "composite" : true, + "clientRole" : false, + "containerId" : 
"fa40e72f-c0bb-4dc9-b80f-6f1f77e28730" + }, + "requiredCredentials" : [ "password" ], + "otpPolicyType" : "totp", + "otpPolicyAlgorithm" : "HmacSHA1", + "otpPolicyInitialCounter" : 0, + "otpPolicyDigits" : 6, + "otpPolicyLookAheadWindow" : 1, + "otpPolicyPeriod" : 30, + "otpPolicyCodeReusable" : false, + "otpSupportedApplications" : [ "totpAppGoogleName", "totpAppFreeOTPName" ], + "webAuthnPolicyRpEntityName" : "keycloak", + "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyRpId" : "", + "webAuthnPolicyAttestationConveyancePreference" : "not specified", + "webAuthnPolicyAuthenticatorAttachment" : "not specified", + "webAuthnPolicyRequireResidentKey" : "not specified", + "webAuthnPolicyUserVerificationRequirement" : "not specified", + "webAuthnPolicyCreateTimeout" : 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyAcceptableAaguids" : [ ], + "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyPasswordlessRpId" : "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", + "webAuthnPolicyPasswordlessCreateTimeout" : 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], + "users" : [ { + "id" : "50ddf502-47b3-4336-baae-dcc10a136117", + "createdTimestamp" : 1680180362762, + "username" : "service-account-default-client", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "serviceAccountClientId" : "default-client", + "attributes" : { + "bpn" : [ "123456789" ] + }, + "credentials" : [ ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-cx-central" ], + 
"clientRoles" : { + "default-client" : [ "uma_protection", "add_semantic_model", "delete_semantic_model", "view_semantic_model", "update_semantic_model" ] + }, + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "fbcaad75-f8a3-4c45-9a14-748f92b4804f", + "createdTimestamp" : 1680186259223, + "username" : "testuser", + "enabled" : true, + "totp" : false, + "emailVerified" : true, + "firstName" : "Test", + "lastName" : "User", + "credentials" : [ { + "id" : "140da731-6bc1-4a3e-9a5a-7f20eb239596", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1680186279808, + "secretData" : "{\"value\":\"Ah0FcLe6Oi/MW7wRisyu/eMyXW6qggdSgSYWenc3y4L50fxmd2knuTXFIbSexzUp8QLhFKYsiDk08zyJJnIzAQ==\",\"salt\":\"DDmpVIgaM7hQ2nbyNXepYQ==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-cx-central" ], + "clientRoles" : { + "default-client" : [ "add_semantic_model", "delete_semantic_model", "view_semantic_model", "update_semantic_model" ] + }, + "notBefore" : 0, + "groups" : [ ] + } ], + "scopeMappings" : [ { + "clientScope" : "offline_access", + "roles" : [ "offline_access" ] + } ], + "clientScopeMappings" : { + "account" : [ { + "client" : "account-console", + "roles" : [ "manage-account", "view-groups" ] + } ] + }, + "clients" : [ { + "id" : "2a8533c0-6ef6-4fb2-827e-339c9dafc36c", + "clientId" : "account", + "name" : "${client_account}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/default-realm/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/default-realm/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + 
"directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "ee5504df-a8be-4fa4-8936-520965a8896c", + "clientId" : "account-console", + "name" : "${client_account-console}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/CX-Central/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/CX-Central/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "d1f7ff17-c971-46fb-862f-b58dd03030e3", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "abc76d7a-b855-4a34-9c58-39120f24dbf2", + "clientId" : "admin-cli", + "name" : "${client_admin-cli}", + "surrogateAuthRequired" : 
false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : false, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "0407af07-737a-4b11-9810-f01445fd2735", + "clientId" : "broker", + "name" : "${client_broker}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "f1c5d623-0c0a-4d33-92b0-adaa9436cb04", + "clientId" : "default-client", + "name" : "", + "description" : "", + "rootUrl" : "", + "adminUrl" : "", + "baseUrl" : "", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" 
: false, + "clientAuthenticatorType" : "client-secret", + "secret" : "wJcfhf5uXynRcAHy5Ua9KAwM4EhsFvC1", + "redirectUris" : [ "http://localhost" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : true, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : true, + "authorizationServicesEnabled" : true, + "publicClient" : false, + "frontchannelLogout" : true, + "protocol" : "openid-connect", + "attributes" : { + "oidc.ciba.grant.enabled" : "true", + "client.secret.creation.time" : "1680192891", + "backchannel.logout.session.required" : "true", + "post.logout.redirect.uris" : "+", + "oauth2.device.authorization.grant.enabled" : "true", + "display.on.consent.screen" : "false", + "backchannel.logout.revoke.offline.tokens" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "protocolMappers" : [ { + "id" : "d2482667-e3c9-4cb0-871f-fd00268a0edd", + "name" : "Client Host", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "consentRequired" : false, + "config" : { + "user.session.note" : "clientHost", + "userinfo.token.claim" : "true", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "clientHost", + "jsonType.label" : "String" + } + }, { + "id" : "0a8028dc-37b8-41bd-8532-f2345ef48427", + "name" : "Client ID", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "consentRequired" : false, + "config" : { + "user.session.note" : "clientId", + "userinfo.token.claim" : "true", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "clientId", + "jsonType.label" : "String" + } + }, { + "id" : "c072cc3a-399e-44f8-8186-a330b8123976", + "name" : "Client IP Address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", + 
"consentRequired" : false, + "config" : { + "user.session.note" : "clientAddress", + "userinfo.token.claim" : "true", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "clientAddress", + "jsonType.label" : "String" + } + }, { + "id" : "2ef856d5-53a4-4120-adb6-f8f2d41e1af1", + "name" : "bpn", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "aggregate.attrs" : "false", + "userinfo.token.claim" : "true", + "multivalued" : "false", + "user.attribute" : "bpn", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "bpn" + } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ], + "authorizationSettings" : { + "allowRemoteResourceManagement" : true, + "policyEnforcementMode" : "ENFORCING", + "resources" : [ { + "name" : "Default Resource", + "type" : "urn:Cl4-CX-DigitalTwin:resources:default", + "ownerManagedAccess" : false, + "attributes" : { }, + "_id" : "d6e665e8-d14b-406c-9af9-1ff54e156e1a", + "uris" : [ "/*" ] + } ], + "policies" : [ { + "id" : "6893fcc4-591e-4f40-96bc-026da34c9a47", + "name" : "Default Permission", + "description" : "A permission that applies to the default resource type", + "type" : "resource", + "logic" : "POSITIVE", + "decisionStrategy" : "UNANIMOUS", + "config" : { + "defaultResourceType" : "urn:Cl4-CX-DigitalTwin:resources:default" + } + } ], + "scopes" : [ ], + "decisionStrategy" : "UNANIMOUS" + } + }, { + "id" : "18f280c7-2d5a-43ae-a022-5c440b988f15", + "clientId" : "realm-management", + "name" : "${client_realm-management}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + 
"standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "3335b176-700a-4759-ad9f-82aba9d4a52f", + "clientId" : "security-admin-console", + "name" : "${client_security-admin-console}", + "rootUrl" : "${authAdminUrl}", + "baseUrl" : "/admin/default-realm/console/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/admin/default-realm/console/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "e70d1850-2305-415c-ad7e-90d43d334b4c", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", 
"acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + } ], + "clientScopes" : [ { + "id" : "3840299f-8159-4b24-ad99-d5f95c2cacac", + "name" : "offline_access", + "description" : "OpenID Connect built-in scope: offline_access", + "protocol" : "openid-connect", + "attributes" : { + "consent.screen.text" : "${offlineAccessScopeConsentText}", + "display.on.consent.screen" : "true" + } + }, { + "id" : "8907b1ff-d267-49e3-9ed9-96da8176f129", + "name" : "address", + "description" : "OpenID Connect built-in scope: address", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${addressScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "e18cc4a0-4334-41f1-8492-1a0fddf3f4fa", + "name" : "address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-address-mapper", + "consentRequired" : false, + "config" : { + "user.attribute.formatted" : "formatted", + "user.attribute.country" : "country", + "user.attribute.postal_code" : "postal_code", + "userinfo.token.claim" : "true", + "user.attribute.street" : "street", + "id.token.claim" : "true", + "user.attribute.region" : "region", + "access.token.claim" : "true", + "user.attribute.locality" : "locality" + } + } ] + }, { + "id" : "b6ecd9cb-f174-437a-a4ce-0caa14ddef10", + "name" : "roles", + "description" : "OpenID Connect scope for add user roles to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${rolesScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "817a43ae-ef9a-491d-9d55-87b2bdc20592", + "name" : "client roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-client-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : 
"true", + "claim.name" : "resource_access.${client_id}.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + }, { + "id" : "972027c9-1442-4ca7-8cbc-00d6e3a7de29", + "name" : "realm roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "realm_access.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + }, { + "id" : "a673cd61-3039-413a-813b-2d4ffe0dd957", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ] + }, { + "id" : "480bcc18-5ca4-4c40-b272-299c27be74a3", + "name" : "phone", + "description" : "OpenID Connect built-in scope: phone", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${phoneScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "c0ec165e-473e-4b52-a4d6-8857fe544ebe", + "name" : "phone number", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumber", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number", + "jsonType.label" : "String" + } + }, { + "id" : "fbc165d8-5d58-4b16-9fcf-b823eec7bfc0", + "name" : "phone number verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumberVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number_verified", + "jsonType.label" : "boolean" + } + } ] + }, { + "id" : "092ce83a-8b93-4277-95c3-d010ecb4347f", + "name" : 
"microprofile-jwt", + "description" : "Microprofile - JWT built-in scope", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "73ee77f3-62fc-44ad-8eb4-bbea56b03dcf", + "name" : "upn", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "upn", + "jsonType.label" : "String" + } + }, { + "id" : "96f90476-9367-48c3-a4d4-1079c809a96c", + "name" : "groups", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "multivalued" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "foo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "groups", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "b47c2f82-01f8-4219-8571-0e4ee4150eb7", + "name" : "web-origins", + "description" : "OpenID Connect scope for add allowed web origins to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false", + "consent.screen.text" : "" + }, + "protocolMappers" : [ { + "id" : "86aa831c-5151-4de6-93cb-4133b0f9fa93", + "name" : "allowed web origins", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-allowed-origins-mapper", + "consentRequired" : false, + "config" : { } + } ] + }, { + "id" : "b3cca270-7bc6-450d-bf91-6f08a49ebe46", + "name" : "profile", + "description" : "OpenID Connect built-in scope: profile", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${profileScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : 
"d63ffda5-673a-4b77-985c-c5b9d84f5d32", + "name" : "middle name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "middleName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "middle_name", + "jsonType.label" : "String" + } + }, { + "id" : "2aaa2702-8b42-46b7-9fa3-db0ae5ae32cf", + "name" : "profile", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "profile", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "profile", + "jsonType.label" : "String" + } + }, { + "id" : "9dacfd11-3f8a-4c11-9ea9-42a02f60dfc4", + "name" : "picture", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "picture", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "picture", + "jsonType.label" : "String" + } + }, { + "id" : "5e2d7987-7ba5-421d-9995-3885bad195e1", + "name" : "gender", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "gender", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "gender", + "jsonType.label" : "String" + } + }, { + "id" : "9f4a96ee-9420-4e74-a491-e68829e9866f", + "name" : "nickname", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "nickname", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "nickname", + "jsonType.label" : 
"String" + } + }, { + "id" : "b74da6a2-47b3-40d7-91f3-650a54d2da81", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + }, { + "id" : "ec341d56-8220-4246-b7c9-c794455b65ad", + "name" : "birthdate", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "birthdate", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "birthdate", + "jsonType.label" : "String" + } + }, { + "id" : "30a63d91-79e9-4567-9ff3-5f90ab51afba", + "name" : "updated at", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "updatedAt", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "updated_at", + "jsonType.label" : "long" + } + }, { + "id" : "63676942-38f5-41b4-ab32-58db63df7ac4", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + }, { + "id" : "218da3db-68a9-45af-91df-745fcf095b0d", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : 
"preferred_username", + "jsonType.label" : "String" + } + }, { + "id" : "d1a1312b-7db9-46d9-86b8-05873f8ae641", + "name" : "zoneinfo", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "zoneinfo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "zoneinfo", + "jsonType.label" : "String" + } + }, { + "id" : "031ecc1f-19cb-433f-8aff-3ffe390c56a3", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : "a0759a98-e715-4b85-8cb8-402d52cc9968", + "name" : "website", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "website", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "website", + "jsonType.label" : "String" + } + }, { + "id" : "1f5bd297-a503-4166-b837-168cbed7094f", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "2e03b714-2f0f-4cd9-a488-27d7ed67298f", + "name" : "email", + "description" : "OpenID Connect built-in scope: email", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${emailScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "57972585-dcd3-4433-b6b2-3c2b096641e7", + "name" : "email 
verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "emailVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email_verified", + "jsonType.label" : "boolean" + } + }, { + "id" : "63c9ebc9-17db-4471-a4d8-b2042e991086", + "name" : "email", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "28cd9329-c859-4b05-a3a9-7f598c65469e", + "name" : "role_list", + "description" : "SAML role list", + "protocol" : "saml", + "attributes" : { + "consent.screen.text" : "${samlRoleListScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "17e67a45-ec3f-41de-8849-01c392d873e0", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + } ] + }, { + "id" : "f08ef5fa-e2f9-41e9-81bf-a2a9309ce561", + "name" : "acr", + "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "5aaf7a76-8184-412f-a61e-4ca64cbd6e3a", + "name" : "acr loa level", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-acr-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + } ] + } ], + 
"defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins", "acr" ], + "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ], + "browserSecurityHeaders" : { + "contentSecurityPolicyReportOnly" : "", + "xContentTypeOptions" : "nosniff", + "xRobotsTag" : "none", + "xFrameOptions" : "SAMEORIGIN", + "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection" : "1; mode=block", + "strictTransportSecurity" : "max-age=31536000; includeSubDomains" + }, + "smtpServer" : { }, + "eventsEnabled" : false, + "eventsListeners" : [ "jboss-logging" ], + "enabledEventTypes" : [ ], + "adminEventsEnabled" : false, + "adminEventsDetailsEnabled" : false, + "identityProviders" : [ ], + "identityProviderMappers" : [ ], + "components" : { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { + "id" : "97a51343-def4-4dfa-88b6-5c734f425d10", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + }, { + "id" : "48c0cb5a-f0eb-427b-a24e-f887a68753d8", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "72a62729-1d86-4e04-b2ee-7c35de9c5597", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-address-mapper", "oidc-usermodel-property-mapper", "oidc-full-name-mapper", "saml-role-list-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper" ] + } + }, { + "id" : 
"25e43ac7-9d70-423d-b469-e344bc5474b4", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "01c5d3a2-f7a2-49a7-b125-b51f05bc21cf", + "name" : "Max Clients Limit", + "providerId" : "max-clients", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "max-clients" : [ "200" ] + } + }, { + "id" : "62111204-6844-4cae-8127-4e722b615280", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "saml-role-list-mapper", "saml-user-property-mapper", "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-attribute-mapper", "oidc-full-name-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper" ] + } + }, { + "id" : "3dada027-baf9-4533-9024-edf99729a0ef", + "name" : "Consent Required", + "providerId" : "consent-required", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "c96eb428-d406-47cb-a4d8-f83f773c6dfa", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + } ], + "org.keycloak.userprofile.UserProfileProvider" : [ { + "id" : "b34810b0-9f52-465e-b573-60e8c6472e1b", + "providerId" : "declarative-user-profile", + "subComponents" : { }, + "config" : { } + } ], + "org.keycloak.keys.KeyProvider" : [ { + "id" : "3aaf0959-abed-4dac-993d-57ea54f15788", + "name" : "rsa-enc-generated", + "providerId" : "rsa-enc-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "certificate" : [ "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" ], + "priority" : [ "100" ], + "algorithm" : [ "RSA-OAEP" ] + } + }, { + "id" : "679bba25-69be-4414-ba3a-7f00cc8168e6", + 
"name" : "aes-generated", + "providerId" : "aes-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "a768c46a-fc61-4910-9acf-265b023dedbe" ], + "secret" : [ "Fl8DHh2yb14VwrIwzEkBJw" ], + "priority" : [ "100" ] + } + }, { + "id" : "c30df9ad-4d58-4f4c-93b2-c2ae9dc59981", + "name" : "hmac-generated", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "df98fc72-c7c5-4a06-bff3-7ce9bfb71e56" ], + "secret" : [ "rkYcIPIZA1gi8JXaxI5H392tNVzLbCkQgJAlX8ZSKEgqJZeCz_BWoHhWwCVswKdsMJO1pj9zHKvqdlug3iz0Eg" ], + "priority" : [ "100" ], + "algorithm" : [ "HS256" ] + } + }, { + "id" : "c6fd4880-7254-4c71-ae18-48ea6816f76c", + "name" : "rsa-generated", + "providerId" : "rsa-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "certificate" : [ "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" ], + "priority" : [ "100" ] + } + } ] + }, + "internationalizationEnabled" : false, + "supportedLocales" : [ ], + "authenticationFlows" : [ { + "id" : "0a3a2eb7-9056-46b9-bbbb-843c9726da72", + "alias" : "Account verification options", + "description" : "Method with which to verity the existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-email-verification", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Verify Existing Account by Re-authentication", + "userSetupAllowed" : false + } ] + }, { + "id" : "9c2d5263-e3aa-45f2-804b-2f82918a7a1b", + "alias" : "Authentication Options", + "description" : "Authentication options.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" 
: "basic-auth", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "basic-auth-otp", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "a5d8924c-223d-4b9d-891e-2ffd6780e9ad", + "alias" : "Browser - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "0190fb25-ae89-40a1-92e5-9cfd91bbd37e", + "alias" : "Direct Grant - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "e8aa9126-df4a-494e-8bc7-22b7c77b72fc", + "alias" : "First broker login - Conditional OTP", + 
"description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "0141d6ca-0ff9-4a7e-8154-f25881ada7fd", + "alias" : "Handle Existing Account", + "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-confirm-link", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Account verification options", + "userSetupAllowed" : false + } ] + }, { + "id" : "ec1b5e7b-d316-430b-9913-0134cead7924", + "alias" : "Reset - Conditional OTP", + "description" : "Flow to determine if the OTP should be reset or not. 
Set to REQUIRED to force.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "28a58dfd-c492-41e4-9e61-d6adab1ed63a", + "alias" : "User creation or linking", + "description" : "Flow for the existing/non-existing user alternatives", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "create unique user config", + "authenticator" : "idp-create-user-if-unique", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Handle Existing Account", + "userSetupAllowed" : false + } ] + }, { + "id" : "c9742605-7457-459f-87bf-fb4f86255874", + "alias" : "Verify Existing Account by Re-authentication", + "description" : "Reauthentication of existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "First broker login - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "79eccc19-a2de-4abe-9527-c639c27a384a", + "alias" : "browser", + 
"description" : "browser based authentication", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-cookie", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "identity-provider-redirector", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 25, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "forms", + "userSetupAllowed" : false + } ] + }, { + "id" : "1816175d-3cf1-40fa-947d-eac240a52467", + "alias" : "clients", + "description" : "Base authentication for clients", + "providerId" : "client-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "client-secret", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-secret-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-x509", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 40, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "782accee-e8a9-48d7-a54f-484a6dae1d5e", + "alias" : "direct grant", + "description" : "OpenID Connect 
Resource Owner Grant", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "direct-grant-validate-username", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "Direct Grant - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "d65807a4-8d42-4e3b-9888-244b7957cf25", + "alias" : "docker auth", + "description" : "Used by Docker clients to authenticate against the IDP", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "docker-http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "bed39bce-4183-42c9-922e-221e6e589da6", + "alias" : "first broker login", + "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "review profile config", + "authenticator" : "idp-review-profile", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "User creation or linking", + "userSetupAllowed" : false + } ] + }, { + "id" : 
"04e3650e-1da9-4c82-a163-26de5d339f24", + "alias" : "forms", + "description" : "Username, password, otp and other auth forms.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Browser - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "c94b6ea1-a3c2-49a8-8716-226c9b49d417", + "alias" : "http challenge", + "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "no-cookie-redirect", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Authentication Options", + "userSetupAllowed" : false + } ] + }, { + "id" : "cced423a-7908-4071-90e1-3b6c79b8ab2e", + "alias" : "registration", + "description" : "registration flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-page-form", + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : true, + "flowAlias" : "registration form", + "userSetupAllowed" : false + } ] + }, { + "id" : "5b827dbd-673f-487c-9693-00c5c1996c08", + "alias" : "registration form", + "description" : "registration form", + "providerId" : "form-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" 
: "registration-user-creation", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-profile-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 40, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-password-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 50, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-recaptcha-action", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 60, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "ea98cb54-08e6-4592-9b49-c9d9ab83b5b8", + "alias" : "reset credentials", + "description" : "Reset credentials for a user if they forgot their password or something", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "reset-credentials-choose-user", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-credential-email", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 40, + "autheticatorFlow" : true, + "flowAlias" : "Reset - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "6f2cf85a-9e5c-4a09-a913-03b167b4cb3f", + "alias" : "saml ecp", + "description" : "SAML ECP Profile Authentication Flow", + "providerId" : "basic-flow", + 
"topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + } ], + "authenticatorConfig" : [ { + "id" : "cb5835cc-9a4f-4ed6-bd26-96045b975c68", + "alias" : "create unique user config", + "config" : { + "require.password.update.after.registration" : "false" + } + }, { + "id" : "33a80040-4c0b-412f-abb0-a080297348f4", + "alias" : "review profile config", + "config" : { + "update.profile.on.first.login" : "missing" + } + } ], + "requiredActions" : [ { + "alias" : "CONFIGURE_TOTP", + "name" : "Configure OTP", + "providerId" : "CONFIGURE_TOTP", + "enabled" : true, + "defaultAction" : false, + "priority" : 10, + "config" : { } + }, { + "alias" : "terms_and_conditions", + "name" : "Terms and Conditions", + "providerId" : "terms_and_conditions", + "enabled" : false, + "defaultAction" : false, + "priority" : 20, + "config" : { } + }, { + "alias" : "UPDATE_PASSWORD", + "name" : "Update Password", + "providerId" : "UPDATE_PASSWORD", + "enabled" : true, + "defaultAction" : false, + "priority" : 30, + "config" : { } + }, { + "alias" : "UPDATE_PROFILE", + "name" : "Update Profile", + "providerId" : "UPDATE_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 40, + "config" : { } + }, { + "alias" : "VERIFY_EMAIL", + "name" : "Verify Email", + "providerId" : "VERIFY_EMAIL", + "enabled" : true, + "defaultAction" : false, + "priority" : 50, + "config" : { } + }, { + "alias" : "delete_account", + "name" : "Delete Account", + "providerId" : "delete_account", + "enabled" : false, + "defaultAction" : false, + "priority" : 60, + "config" : { } + }, { + "alias" : "webauthn-register", + "name" : "Webauthn Register", + "providerId" : "webauthn-register", + "enabled" : true, + "defaultAction" : false, + "priority" : 70, + "config" : { } + }, { + "alias" : 
"webauthn-register-passwordless", + "name" : "Webauthn Register Passwordless", + "providerId" : "webauthn-register-passwordless", + "enabled" : true, + "defaultAction" : false, + "priority" : 80, + "config" : { } + }, { + "alias" : "update_user_locale", + "name" : "Update User Locale", + "providerId" : "update_user_locale", + "enabled" : true, + "defaultAction" : false, + "priority" : 1000, + "config" : { } + } ], + "browserFlow" : "browser", + "registrationFlow" : "registration", + "directGrantFlow" : "direct grant", + "resetCredentialsFlow" : "reset credentials", + "clientAuthenticationFlow" : "clients", + "dockerAuthenticationFlow" : "docker auth", + "attributes" : { + "cibaBackchannelTokenDeliveryMode" : "poll", + "cibaAuthRequestedUserHint" : "login_hint", + "clientOfflineSessionMaxLifespan" : "0", + "oauth2DevicePollingInterval" : "5", + "clientSessionIdleTimeout" : "0", + "clientOfflineSessionIdleTimeout" : "0", + "cibaInterval" : "5", + "realmReusableOtpCode" : "false", + "cibaExpiresIn" : "120", + "oauth2DeviceCodeLifespan" : "600", + "parRequestUriLifespan" : "60", + "clientSessionMaxLifespan" : "0", + "frontendUrl" : "", + "acr.loa.map" : "{}" + }, + "keycloakVersion" : "20.0.5", + "userManagedAccessAllowed" : false, + "clientProfiles" : { + "profiles" : [ ] + }, + "clientPolicies" : { + "policies" : [ ] + } +} \ No newline at end of file diff --git a/charts/semantic-hub/templates/hub/hub-secret.yaml b/charts/semantic-hub/templates/hub/hub-secret.yaml index bc595e14..47126436 100644 --- a/charts/semantic-hub/templates/hub/hub-secret.yaml +++ b/charts/semantic-hub/templates/hub/hub-secret.yaml 
@@ -28,7 +28,11 @@ metadata:
 chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
 type: Opaque
 data:
+ {{- if .Values.hub.idpIssuerUri }}
 SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: {{ .Values.hub.idpIssuerUri | b64enc }}
+ {{- else }}
+ SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: {{ "http://hub-keycloak/realms/default-realm" | b64enc }}
+ {{- end }}
 HUB_GENERAL_IDM_PUBLIC_CLIENT_ID: {{ .Values.hub.idpClientId | b64enc }}
 # the fuseki instance does not require authentication yet
 # this variables need to be provided because they are mandatory in the application
diff --git a/charts/semantic-hub/templates/keycloak/init-script-configmap.yaml b/charts/semantic-hub/templates/keycloak/init-script-configmap.yaml
new file mode 100644
index 00000000..7f4c54ea
--- /dev/null
+++ b/charts/semantic-hub/templates/keycloak/init-script-configmap.yaml
@@ -0,0 +1,7 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: init-script-vol
+data:
+ default-realm-import.json: |-
+{{ .Files.Get "config/default-realm-import.json" | indent 4 }}
\ No newline at end of file
diff --git a/charts/semantic-hub/values.yaml b/charts/semantic-hub/values.yaml
index f8d70baa..74ad9212 100644
--- a/charts/semantic-hub/values.yaml
+++ b/charts/semantic-hub/values.yaml
@@ -18,6 +18,10 @@
 # SPDX-License-Identifier: Apache-2.0
 ###############################################################
+
+# enables the default keycloak identity provider
+enableKeycloak: true
+
 hub:
 image:
 registry: ghcr.io/catenax-ng
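Review bot: The `{{- else }}` branch falls back to `http://hub-keycloak/realms/default-realm` without checking `.Values.enableKeycloak`, so a release with the bundled Keycloak disabled and `hub.idpIssuerUri` left empty silently trusts an issuer that nothing serves instead of failing at template time; `{{- else if .Values.enableKeycloak }}` followed by a final `{{- else }}{{ fail "hub.idpIssuerUri must be set when enableKeycloak is false" }}{{- end }}` would surface the misconfiguration. The fallback host is also a hand-copied duplicate of `keycloak.fullnameOverride` in values.yaml, so changing one without the other breaks issuer validation; deriving it from `.Values.keycloak.fullnameOverride` keeps the two in step. The issuer URI is not sensitive, so a one-line comment on why it lives in the Secret rather than a ConfigMap would help the next reader.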
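Review bot: The ConfigMap name `init-script-vol` is a fixed literal, so two releases of this chart in one namespace overwrite each other's realm import, and the same literal is repeated by hand in `keycloak.extraVolumes[0].configMap.name` in values.yaml; a release-scoped name such as `name: {{ .Release.Name }}-init-script-vol`, referenced from both places, avoids the collision (the Bitnami subchart appears to template `extraVolumes`, but confirm before relying on that). Unlike hub-secret.yaml, whose `metadata` carries a `chart:` label, this template has no labels block, so the resource will not be tagged as belonging to the chart. `.Files.Get` returns an empty string for a missing file, which would render an empty realm file rather than an error; a `required` guard or a comment on that is worth adding. The same points apply to the later hunk of this file in patch 4, which only prepends the license header.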
@@ -28,12 +32,17 @@ hub:
 replicaCount: 1
 containerPort: 4242
 ## Use in-memory triple store that is not persistent
- embeddedTripleStore: true
+ embeddedTripleStore: false
 host: minikube
 ## If 'authentication' is set to false, no OAuth authentication is enforced
 authentication: false
- idpIssuerUri: https://idp-url
- idpClientId: idpClientID
+ # Issuer url for the hub (resource server),
+ # make sure that the url points to an externally resolvable hostname.
+ # If no value is committed, and the integrated Keycloak is enabled,
+ # the K8s internal service name is used, which is a problem, when
+ # validating the issuer claim in an access token
+ idpIssuerUri: ""
+ idpClientId: default-client
 ## Ignored if 'graphdb.enabled' is set to true
 graphdbBaseUrl: http://graphdb:3030
 service:
@@ -80,3 +89,29 @@ graphdb:
 memory: "512Mi"
 service:
 port: 3030
+
+keycloak:
+ postgresql:
+ enabled: true
+ auth:
+ adminUser: admin
+ adminPassword: "admin"
+ service:
+ type: ClusterIP
+ extraVolumes:
+ - name: init-script-vol
+ configMap:
+ name: init-script-vol
+ # Mounting a keycloak realm configuration file
+ fullnameOverride: hub-keycloak
+ extraVolumeMounts:
+ - mountPath: /opt/keycloak/data/import/default-realm-import.json
+ subPath: default-realm-import.json
+ name: init-script-vol
+ # Using a pre-configured Keycloak with a default realm,
+ # containing a test client and user with the necessary roles to
+ # authorize requests to the semantic hub.
+ # Make sure to remove the '--hostname' property when deploying
+ # in a non-test scenario
+ command: ["/bin/sh","-c"]
+ args: ["kc.sh import --file /opt/keycloak/data/import/default-realm-import.json; kc.sh start-dev --hostname=registry-keycloak --hostname-strict=false --proxy=edge --proxy=edge"]
From 7e83a277748b51773ef1e0bc4e4fa1e644d3a41a Mon Sep 17 00:00:00 2001
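Review bot: `embeddedTripleStore` flips to `false` here while the comment above it (`## Use in-memory triple store that is not persistent`) and the `graphdb.enabled: false` default (visible as context in the next patch) are unchanged, so a plain install now appears to point the hub at `http://graphdb:3030` with nothing serving it unless the operator enables or supplies a triple store; either keep the old default or update the comment to `## Set to true for a non-persistent in-memory store; false requires graphdb.enabled or an external store at graphdbBaseUrl`. The new comment block on `idpIssuerUri` is useful; it should also note that `authentication: false` stays the default, so the bundled Keycloak is deployed but not enforced until that flag is set. Minor wording: `url`/`K8s` → `URL`/`Kubernetes`, and `If no value is committed` reads better as `If no value is set`.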
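Review bot: `--hostname=registry-keycloak` in `args` does not match `fullnameOverride: hub-keycloak`, and the issuer the hub falls back to in hub-secret.yaml is `http://hub-keycloak/realms/default-realm`; Keycloak derives the `iss` claim from its configured hostname, so tokens issued as `registry-keycloak` would fail issuer validation at the hub — drop `--hostname` (as the comment itself advises) or set it to the service name. `--proxy=edge` is passed twice on the same line. `adminPassword: "admin"` together with `enableKeycloak: true` as the chart default means every install ships a well-known admin credential; leaving it empty (the Bitnami subchart should then generate one — confirm) or stating `# test-only credentials, override for any shared environment` in the existing comment block would be safer. Quote `adminUser: admin` for consistency with `adminPassword`.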
From: =?UTF-8?q?Lukas=20R=C3=B6mer?=
Date: Tue, 4 Apr 2023 16:59:59 +0200
Subject: [PATCH 2/4] Fix spacing issues in Helm chart
---
 charts/semantic-hub/values.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/charts/semantic-hub/values.yaml b/charts/semantic-hub/values.yaml
index 74ad9212..8c3804b6 100644
--- a/charts/semantic-hub/values.yaml
+++ b/charts/semantic-hub/values.yaml
@@ -64,7 +64,7 @@ hub:
 memory: "1024Mi"
 requests:
 memory: "512Mi"
-
+
 graphdb:
 ## Include Fuski deployment or deploy separately
 enabled: false
@@ -113,5 +113,5 @@ keycloak:
 # authorize requests to the semantic hub.
 # Make sure to remove the '--hostname' property when deploying
 # in a non-test scenario
- command: ["/bin/sh","-c"]
+ command: ["/bin/sh", "-c"]
 args: ["kc.sh import --file /opt/keycloak/data/import/default-realm-import.json; kc.sh start-dev --hostname=registry-keycloak --hostname-strict=false --proxy=edge --proxy=edge"]
From dd1ef4e3e9398d3d7adeee549338f2253493ecb2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lukas=20R=C3=B6mer?=
Date: Tue, 11 Apr 2023 12:01:16 +0200
Subject: [PATCH 3/4] Include Helm chart testing config
---
 .github/workflows/helm-test.yml | 4 ++--
 charts/chart-testing-config.yaml | 3 +++
 charts/semantic-hub/Chart.yaml | 2 +-
 3 files changed, 6 insertions(+), 3 deletions(-)
 create mode 100644 charts/chart-testing-config.yaml
diff --git a/.github/workflows/helm-test.yml b/.github/workflows/helm-test.yml
index 2f23835b..c53f31bd 100644
--- a/.github/workflows/helm-test.yml
+++ b/.github/workflows/helm-test.yml
@@ -64,8 +64,8 @@ jobs:
 echo "::set-output name=changed::true"
 fi
 - name: Run chart-testing (lint)
- run: ct lint --validate-maintainers=false --target-branch ${{ github.event.repository.default_branch }}
+ run: ct lint --validate-maintainers=false --target-branch ${{ github.event.repository.default_branch }} --config charts/chart-testing-config.yaml
 - name: Run chart-testing (install)
- run: ct install --charts charts/semantic-hub
+ run: ct install --charts charts/semantic-hub --config charts/chart-testing-config.yaml
 if: steps.list-changed.outputs.changed == 'true'
diff --git a/charts/chart-testing-config.yaml b/charts/chart-testing-config.yaml
new file mode 100644
index 00000000..0e182b74
--- /dev/null
+++ b/charts/chart-testing-config.yaml
@@ -0,0 +1,3 @@
+validate-maintainers: false
+chart-repos:
+ - bitnami=https://charts.bitnami.com/bitnami
\ No newline at end of file
diff --git a/charts/semantic-hub/Chart.yaml b/charts/semantic-hub/Chart.yaml
index db81ac59..a6c3c214 100644
--- a/charts/semantic-hub/Chart.yaml
+++ b/charts/semantic-hub/Chart.yaml
@@ -3,7 +3,7 @@ name: semantic-hub
 description: Helm Chart for the Catena-X Semantic Hub Application
 type: application
-version: 0.1.10
+version: 0.1.11
 appVersion: 0.2.1-M1
 dependencies:
 - repository: https://charts.bitnami.com/bitnami
From 5d16950c4ffdd4c8898c7d1719d1dc25a3c56a96 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lukas=20R=C3=B6mer?=
Date: Tue, 11 Apr 2023 12:10:09 +0200
Subject: [PATCH 4/4] Add trailing new line and license header where missing
---
 charts/semantic-hub/Chart.yaml | 2 +-
 .../keycloak/init-script-configmap.yaml | 21 ++++++++++++++++++-
 2 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/charts/semantic-hub/Chart.yaml b/charts/semantic-hub/Chart.yaml
index a6c3c214..ca59b454 100644
--- a/charts/semantic-hub/Chart.yaml
+++ b/charts/semantic-hub/Chart.yaml
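Review bot: `--validate-maintainers=false` is now passed on the `ct lint` command line and also set in `charts/chart-testing-config.yaml` (`validate-maintainers: false`); keep it in one place, e.g. `run: ct lint --target-branch ${{ github.event.repository.default_branch }} --config charts/chart-testing-config.yaml`. The `echo "::set-output name=changed::true"` context line uses the deprecated set-output command; that predates this change but is worth migrating to `$GITHUB_OUTPUT` while the step is being edited. The enclosing `lint-test` job starts outside the hunk.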
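Review bot: The new file ends without a trailing newline (`\ No newline at end of file`) and has no license header, although patch 4 of this series fixes exactly that for Chart.yaml and init-script-configmap.yaml and skips this file. A short comment saying why the repo is registered here would help the next reader, e.g. `# repos ct needs to resolve the dependencies declared in Chart.yaml`.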
@@ -9,4 +9,4 @@ dependencies:
 - repository: https://charts.bitnami.com/bitnami
 name: keycloak
 version: 13.3.0
- condition: enableKeycloak
\ No newline at end of file
+ condition: enableKeycloak
diff --git a/charts/semantic-hub/templates/keycloak/init-script-configmap.yaml b/charts/semantic-hub/templates/keycloak/init-script-configmap.yaml
index 7f4c54ea..6aea75d8 100644
--- a/charts/semantic-hub/templates/keycloak/init-script-configmap.yaml
+++ b/charts/semantic-hub/templates/keycloak/init-script-configmap.yaml
@@ -1,7 +1,26 @@
+# Copyright (c) 2023 Copyright (c) 2023 Robert Bosch Manufacturing Solutions GmbH
+# Copyright (c) 2023 Contributors to the Eclipse Foundation
+
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# SPDX-License-Identifier: Apache-2.0
+---
+
 kind: ConfigMap
 apiVersion: v1
 metadata:
 name: init-script-vol
 data:
 default-realm-import.json: |-
-{{ .Files.Get "config/default-realm-import.json" | indent 4 }}
\ No newline at end of file
+{{ .Files.Get "config/default-realm-import.json" | indent 4 }}