From 28b011d450034e76aa4ac56225c29e0a6d67b592 Mon Sep 17 00:00:00 2001 From: Aytac Ozkan Date: Mon, 20 Apr 2020 06:24:47 +0200 Subject: [PATCH] general development.* --- .metals/metals.h2.db | Bin 118784 -> 118784 bytes .metals/metals.log | 31 + README.md | 12 +- build.sh | 96 ++- data.sql | 21 +- docker-compose.yml | 3 +- generate-initial-values-keycloak.sh | 4 + keycloak/Dockerfile | 12 +- keycloak/realm-export.json | 937 +++++++++++++++++++--------- 9 files changed, 804 insertions(+), 312 deletions(-) create mode 100644 generate-initial-values-keycloak.sh diff --git a/.metals/metals.h2.db b/.metals/metals.h2.db index 7d9ebef2fe4609bcd21adbd592b67f3043b8c355..26879aa9a928e8b9911c4411b9843029b511612f 100644 GIT binary patch delta 62 ucmZozz}~QceSv_$lII^~7{Gv03P=fU78H2TFUWvZxcR^S_W$~fj0*q&d=Q2J delta 62 tcmZozz}~QceSv_0<)Sm^7$BezNU?1e6nM`s$beP2`M>`5|N4xK3jhlK5e@(V diff --git a/.metals/metals.log b/.metals/metals.log index 3ff59a5..313297f 100644 --- a/.metals/metals.log +++ b/.metals/metals.log 
@@ -10,3 +10,34 @@ INFO: Unsupported notification method: $/setTraceNotification Apr 16, 2020 7:23:04 PM org.eclipse.lsp4j.jsonrpc.services.GenericEndpoint notify INFO: Unsupported notification method: $/setTraceNotification INFO shutting down Metals +INFO started: Metals version 0.8.4 in workspace '/home/magnusanatolius/works/in-sylva.infrastructure' +INFO time: initialize in 0.48s +WARN no build tool detected in workspace '/home/magnusanatolius/works/in-sylva.infrastructure'. The most common cause for this problem is that the editor was opened in the wrong working directory, for example if you use sbt then the workspace directory should contain build.sbt. +INFO started: Metals version 0.8.4 in workspace '/home/magnusanatolius/works/in-sylva.infrastructure' +INFO time: initialize in 0.48s +WARN no build tool detected in workspace '/home/magnusanatolius/works/in-sylva.infrastructure'. The most common cause for this problem is that the editor was opened in the wrong working directory, for example if you use sbt then the workspace directory should contain build.sbt. 
+Apr 19, 2020 6:33:30 PM org.eclipse.lsp4j.jsonrpc.services.GenericEndpoint notify +INFO: Unsupported notification method: $/setTraceNotification +Apr 19, 2020 6:37:30 PM org.eclipse.lsp4j.jsonrpc.services.GenericEndpoint notify +INFO: Unsupported notification method: $/setTraceNotification +Apr 19, 2020 6:38:31 PM org.eclipse.lsp4j.jsonrpc.services.GenericEndpoint notify +INFO: Unsupported notification method: $/setTraceNotification +Apr 19, 2020 6:38:33 PM org.eclipse.lsp4j.jsonrpc.services.GenericEndpoint notify +INFO: Unsupported notification method: $/setTraceNotification +Apr 19, 2020 6:38:43 PM org.eclipse.lsp4j.jsonrpc.services.GenericEndpoint notify +INFO: Unsupported notification method: $/setTraceNotification +Apr 19, 2020 6:38:46 PM org.eclipse.lsp4j.jsonrpc.services.GenericEndpoint notify +INFO: Unsupported notification method: $/setTraceNotification +Apr 19, 2020 6:41:06 PM org.eclipse.lsp4j.jsonrpc.services.GenericEndpoint notify +INFO: Unsupported notification method: $/setTraceNotification +Apr 19, 2020 6:41:08 PM org.eclipse.lsp4j.jsonrpc.services.GenericEndpoint notify +INFO: Unsupported notification method: $/setTraceNotification +Apr 19, 2020 6:43:20 PM org.eclipse.lsp4j.jsonrpc.services.GenericEndpoint notify +INFO: Unsupported notification method: $/setTraceNotification +Apr 19, 2020 6:43:58 PM org.eclipse.lsp4j.jsonrpc.services.GenericEndpoint notify +INFO: Unsupported notification method: $/setTraceNotification +Apr 19, 2020 6:44:21 PM org.eclipse.lsp4j.jsonrpc.services.GenericEndpoint notify +INFO: Unsupported notification method: $/setTraceNotification +Apr 19, 2020 6:44:45 PM org.eclipse.lsp4j.jsonrpc.services.GenericEndpoint notify +INFO: Unsupported notification method: $/setTraceNotification +INFO shutting down Metals diff --git a/README.md b/README.md index 861655a..fb6cbd0 100644 --- a/README.md +++ b/README.md 
@@ -197,4 +197,14 @@ For more complete information on a certificate: ### NOSPC: no space left on device' while running the nodeJS in docker -`sudo docker system prune -af` \ No newline at end of file +`sudo docker system prune -af` + + +# Using the Admin CLI of Keycloak + +```sh +$ $JBOSS_HOME/bin/kcadm.sh config credentials --server http://localhost:8080/keycloak/auth --realm master --user insylva_admin --password v2kGBDUaGjXK2VuPyf5R64VS +$ kcadm.sh create realms -s realm=in-sylva-2 -s enabled=true -o +$ CID=$(kcadm.sh create clients -r in-sylva-2 -s clientId=my_client -s 'redirectUris=["*"]' -i) +$ kcadm.sh get clients/$CID/installation/providers/keycloak-oidc-keycloak-json +``` \ No newline at end of file diff --git a/build.sh b/build.sh index f31d584..03b4bc8 100644 --- a/build.sh +++ b/build.sh 
@@ -1,27 +1,81 @@ #!/bin/bash + +# echo -n "Enter the name of public key (ex:id_ed25519): " +# read publickey + if [$1 -eq ""] then - set "id_ed25519" + set $"id_ed25519" +fi + +echo $publickey +echo -n "Enter the name of docker image name which is wanted to build locally: (ex:gatekeeper or || all): " +read imageName + +if [$imageName -eq ""] +then + set $"all" fi -sh ./gatekeeper/build.sh $1 -wait -echo "gatekeeper image Successfully built" -sh ./keycloak/build.sh $1 -wait -echo "keycloak image Successfully built" -sh ./login/build.sh $1 -wait -echo "login image Successfully built" -sh ./portal/build.sh $1 -wait -echo "portal image Successfully built" -sh ./postgresql/build.sh $1 -wait -echo "postgresql image Successfully built" -sh ./source.manager/build.sh $1 -echo "source.manager image Successfully built" -wait -sh ./doc/build.sh $1 -echo "doc image Successfully built" \ No newline at end of file +case $imageName in + "gatekeeper") + sh ./gatekeeper/build.sh $1 + wait + echo -e $"gatekeeper image Successfully built\n" + ;; + "keycloak") + sh ./keycloak/build.sh $1 + wait + echo -e $"keycloak image Successfully built\n" + ;; + "login") + sh ./login/build.sh $1 + wait + echo -e $"login image Successfully built\n" + ;; + "portal") + sh ./portal/build.sh $1 + wait + echo -e $"portal image Successfully built\n" + ;; + "postgresql") + sh ./postgresql/build.sh $1 + wait + echo -e $"postgresql image Successfully built\n" + ;; + "sourceman") + sh ./source.manager/build.sh $1 + wait + echo -e $"source.manager image Successfully built\n" + ;; + "doc") + sh ./doc/build.sh $1 + wait + echo $"doc image Successfully built\n" + ;; + *) + sh ./gatekeeper/build.sh $1 + wait + echo -e $"gatekeeper image Successfully built\n" + sh ./keycloak/build.sh $1 + wait + echo -e $"keycloak image Successfully built\n" + sh ./login/build.sh $1 + wait + echo -e $"login image Successfully built\n" + sh ./portal/build.sh $1 + wait + echo -e $"portal image Successfully built\n" + sh 
./postgresql/build.sh $1 + wait + echo -e $"postgresql image Successfully built\n" + sh ./source.manager/build.sh $1 + wait + echo -e $"source.manager image Successfully built\n" + sh ./doc/build.sh $1 + wait + echo $"doc image Successfully built\n" + ;; +esac +shift \ No newline at end of file diff --git a/data.sql b/data.sql index 3a52f6e..b727c5b 100644 --- a/data.sql +++ b/data.sql @@ -13,16 +13,29 @@ CREATE TABLE IF NOT EXISTS users ( CREATE TABLE IF NOT EXISTS sources ( id serial PRIMARY KEY, - index_id varchar(50), - mng_id varchar(50) NOT NULL, name varchar(50) NOT NULL , description text, - - is_send boolean default false, + create_at timestamp NOT NULL DEFAULT NOW(), update_at timestamp ); +CREATE TABLE IF NOT EXISTS sources_indices( + id serial PRIMARY KEY, + source_id integer, + + index_id varchar(50), + mng_id varchar(50) NOT NULL, + is_send boolean default false, + + CONSTRAINT sources_indices_source_id_fkey FOREIGN KEY (source_id) + REFERENCES sources(id) MATCH SIMPLE + ON UPDATE NO ACTION ON DELETE NO ACTION, + + create_at timestamp NOT NULL DEFAULT NOW(), + update_at timestamp +); + CREATE table IF NOT EXISTS provider_sources ( id serial PRIMARY KEY, user_id integer NOT NULL, diff --git a/docker-compose.yml b/docker-compose.yml index b2d8433..56a7e90 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -30,6 +30,7 @@ services: DB_PASSWORD: v2kGBDUaGjXK2VuPyf5R64VS KEYCLOAK_USER: insylva_admin KEYCLOAK_PASSWORD: v2kGBDUaGjXK2VuPyf5R64VS + KEYCLOAK_IMPORT: /home/realms/realm-export.json # Uncomment the line below if you want to specify JDBC parameters. The parameter below is just an example, and it shouldn't be used in production without knowledge. It is highly recommended that you read the PostgreSQL JDBC driver documentation in order to use it. #JDBC_PARAMS: "ssl=true" ports: @@ -41,7 +42,7 @@ services: restart: unless-stopped pgadmin: - image: dpage/pgadmin4 + image: dpage/pgadmin4:latest deploy: resources: limits: 
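Review bot: When the image prompt is answered with an empty line, `set $"all"` overwrites `$1` (the key name) with `all` instead of defaulting `imageName`, so the `*)` arm then hands `all` to every `build.sh` as the key. Both tests are malformed as well: `[$1 -eq ""]` lacks the spaces `[` needs and uses the numeric operator `-eq`, and it seems to behave only because `[value` is an unknown command when the variable is set. I would write `[ -z "$1" ] && set -- "id_ed25519"` and `imageName=${imageName:-all}`, and quote `"$1"` wherever it is passed on. `echo $publickey` prints an empty line because the `read publickey` above it is commented out. The `*)` arm also runs a full build for any mistyped name; an explicit `all)` arm with an error message in `*)` would be safer.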
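Review bot: `source_id` in the new `sources_indices` table is nullable, so a row can be stored with no parent source even though a foreign key is declared on it; `source_id integer NOT NULL,` would enforce the relation the constraint implies. Because both statements are `CREATE TABLE IF NOT EXISTS`, a database that already has `sources` keeps its old `index_id`, `mng_id` and `is_send` columns, so existing deployments presumably need an explicit migration that this file does not contain. The `provider_sources` statement continues past the end of the hunk.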
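Review bot: The realm ends up being loaded by two mechanisms: `KEYCLOAK_IMPORT` points the container at `/home/realms/realm-export.json` at start-up (assuming the entrypoint under `tools/` honours it), and the `generate-initial-values-keycloak.sh` script added in this commit creates a realm from the same file with `kcadm.sh create realms -f`. If both are used, the second presumably fails because the realm already exists, so I would keep one and record the choice with a comment such as `# realm is imported at start-up; no manual kcadm step needed`. The `environment` block starts above the hunk, and its `DB_PASSWORD` and `KEYCLOAK_PASSWORD` context lines hold a literal password that belongs in an env file kept out of the repository.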
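Review bot: `dpage/pgadmin4:latest` is what the untagged name already resolved to, so this hunk pins nothing and each pull can still bring in a different image. For a service that holds database credentials I would pin a release tag or digest, e.g. `image: dpage/pgadmin4:<pinned-version>` (placeholder, pick the release you have tested). The `pgadmin` service definition continues outside the hunk.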
diff --git a/generate-initial-values-keycloak.sh b/generate-initial-values-keycloak.sh new file mode 100644 index 0000000..f1895ee --- /dev/null +++ b/generate-initial-values-keycloak.sh @@ -0,0 +1,4 @@ +#!/bin/bash + +docker exec -it in-sylva.keycloak /bin/bash -c "/opt/jboss/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080/keycloak/auth --realm master --user insylva_admin --password v2kGBDUaGjXK2VuPyf5R64VS" +docker exec -it in-sylva.keycloak /bin/bash -c "/opt/jboss/keycloak/bin/kcadm.sh create realms -f /home/realms/realm-export.json \ No newline at end of file diff --git a/keycloak/Dockerfile b/keycloak/Dockerfile index 60ca421..0fe3700 100644 --- a/keycloak/Dockerfile +++ b/keycloak/Dockerfile @@ -1,11 +1,10 @@ FROM centos:latest -ENV KEYCLOAK_VERSION 9.0.0 +ENV KEYCLOAK_VERSION 9.0.3 ENV JDBC_POSTGRES_VERSION 42.2.5 ENV JDBC_MYSQL_VERSION 5.1.46 ENV JDBC_MARIADB_VERSION 2.2.3 ENV JDBC_MSSQL_VERSION 7.4.1.jre11 - ENV LAUNCH_JBOSS_IN_BACKGROUND 1 ENV PROXY_ADDRESS_FORWARDING true ENV JBOSS_HOME /opt/jboss/keycloak @@ -19,9 +18,14 @@ USER root RUN yum update -y && yum install -y gzip hostname java-11-openjdk-headless openssl tar which && yum clean all + +RUN mkdir /home/realms +COPY realm-export.json /home/realms + ADD tools /opt/jboss/tools RUN /opt/jboss/tools/build-keycloak.sh + RUN sed -i -e 's/auth<\/web-context>/keycloak\/auth<\/web-context>/' $JBOSS_HOME/standalone/configuration/standalone.xml RUN sed -i -e 's/auth<\/web-context>/keycloak\/auth<\/web-context>/' $JBOSS_HOME/standalone/configuration/standalone-ha.xml RUN sed -i -e 's/name="\/"/name="\/keycloak\/"/' $JBOSS_HOME/standalone/configuration/standalone.xml @@ -33,4 +37,6 @@ EXPOSE 8443 ENTRYPOINT [ "/opt/jboss/tools/docker-entrypoint.sh" ] -CMD ["-b", "0.0.0.0"] \ No newline at end of file +CMD ["-b", "0.0.0.0"] + +# RUN $JBOSS_HOME/bin/kcadm.sh config credentials --server http://localhost:8080/keycloak/auth --realm master --user $KEYCLOAK_USER --password $KEYCLOAK_PASSWORD 
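Review bot: The Keycloak admin password is committed in clear text on the first `docker exec` line of the new script, and the same value appears in the README example added by this commit and in the docker-compose.yml context lines. I would let the container expand its own environment instead, `docker exec in-sylva.keycloak /bin/bash -c '/opt/jboss/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080/keycloak/auth --realm master --user "$KEYCLOAK_USER" --password "$KEYCLOAK_PASSWORD"'`, and rotate the value that is now in history. Separately, the second `docker exec` line never closes the double quote opened after `-c`, so bash stops with an unterminated-string error before the realm is created; it should end with `realm-export.json"`. `-it` also requires a TTY, so the script fails when run from CI or cron; plain `docker exec` is enough here.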
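Review bot: The commented-out `# RUN $JBOSS_HOME/bin/kcadm.sh config credentials …` line added after `CMD` in the last Dockerfile hunk should be dropped rather than kept as a hint. As a build step it could not work, since no Keycloak server is listening during `docker build`, and `$KEYCLOAK_USER`/`$KEYCLOAK_PASSWORD` appear in this commit only as runtime variables in docker-compose.yml; supplying them at build time would also leave the password in the image history. If the intent needs recording, a comment such as `# realm bootstrap happens at container start, see generate-initial-values-keycloak.sh` says it without inviting someone to uncomment the line.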
diff --git a/keycloak/realm-export.json b/keycloak/realm-export.json index f2086ff..95418ab 100644 --- a/keycloak/realm-export.json +++ b/keycloak/realm-export.json @@ -4,14 +4,14 @@ "notBefore": 0, "revokeRefreshToken": false, "refreshTokenMaxReuse": 0, - "accessTokenLifespan": 300, - "accessTokenLifespanForImplicitFlow": 900, + "accessTokenLifespan": 3600, + "accessTokenLifespanForImplicitFlow": 3600, "ssoSessionIdleTimeout": 1800, "ssoSessionMaxLifespan": 36000, "ssoSessionIdleTimeoutRememberMe": 0, "ssoSessionMaxLifespanRememberMe": 0, "offlineSessionIdleTimeout": 2592000, - "offlineSessionMaxLifespanEnabled": false, + "offlineSessionMaxLifespanEnabled": true, "offlineSessionMaxLifespan": 5184000, "accessCodeLifespan": 60, "accessCodeLifespanUserAction": 300, @@ -19,7 +19,7 @@ "actionTokenGeneratedByAdminLifespan": 43200, "actionTokenGeneratedByUserLifespan": 300, "enabled": true, - "sslRequired": "none", + "sslRequired": "external", "registrationAllowed": false, "registrationEmailAsUsername": false, "rememberMe": false, 
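Review bot: `accessTokenLifespan` goes from 300 to 3600 seconds in the first hunk, so a leaked bearer token stays usable for an hour instead of five minutes, and several clients in this file are public ones that keep tokens on the client side. Unless a consumer needs the longer life, I would keep `"accessTokenLifespan": 300` and let clients refresh within the existing `ssoSessionIdleTimeout`. `accessTokenLifespanForImplicitFlow` is raised to 3600 as well, although every client visible in this patch has `implicitFlowEnabled` set to false, so that change looks unnecessary.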
@@ -36,6 +36,328 @@ "quickLoginCheckMilliSeconds": 1000, "maxDeltaTimeSeconds": 43200, "failureFactor": 30, + "roles": { + "realm": [ + { + "id": "6ab26b09-a979-4405-a414-573bfd2ee883", + "name": "offline_access", + "description": "${role_offline-access}", + "composite": false, + "clientRole": false, + "containerId": "in-sylva", + "attributes": {} + }, + { + "id": "4fa62175-b756-43fb-8c14-945ee66e5ee2", + "name": "uma_authorization", + "description": "${role_uma_authorization}", + "composite": false, + "clientRole": false, + "containerId": "in-sylva", + "attributes": {} + } + ], + "client": { + "in-sylva.user.app": [], + "realm-management": [ + { + "id": "36eb8d83-c1c8-4cbd-8f89-b9b8ac15450e", + "name": "view-authorization", + "description": "${role_view-authorization}", + "composite": false, + "clientRole": true, + "containerId": "0d1d1640-2d1e-4819-8e0e-347becb8cff3", + "attributes": {} + }, + { + "id": "3d49de57-988b-402d-8b40-6e937a2714e4", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "0d1d1640-2d1e-4819-8e0e-347becb8cff3", + "attributes": {} + }, + { + "id": "37117b70-f90b-43df-bd72-a05831bacd23", + "name": "view-identity-providers", + "description": "${role_view-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "0d1d1640-2d1e-4819-8e0e-347becb8cff3", + "attributes": {} + }, + { + "id": "97cc42b6-646b-4a57-8a63-7de8d5d0aabe", + "name": "query-clients", + "description": "${role_query-clients}", + "composite": false, + "clientRole": true, + "containerId": "0d1d1640-2d1e-4819-8e0e-347becb8cff3", + "attributes": {} + }, + { + "id": "3a9f0242-03c9-4107-938e-24da486cf44f", + "name": "realm-admin", + "description": "${role_realm-admin}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "view-authorization", + "manage-identity-providers", + "view-identity-providers", + "query-clients", + 
"create-client", + "view-events", + "manage-authorization", + "manage-clients", + "query-users", + "view-clients", + "query-realms", + "query-groups", + "view-users", + "manage-realm", + "manage-users", + "impersonation", + "manage-events", + "view-realm" + ] + } + }, + "clientRole": true, + "containerId": "0d1d1640-2d1e-4819-8e0e-347becb8cff3", + "attributes": {} + }, + { + "id": "be4f07a0-ce11-4ab6-bc5d-987278d53f50", + "name": "create-client", + "description": "${role_create-client}", + "composite": false, + "clientRole": true, + "containerId": "0d1d1640-2d1e-4819-8e0e-347becb8cff3", + "attributes": {} + }, + { + "id": "2029c041-ea28-46bb-aa16-4f695bcc81b7", + "name": "view-events", + "description": "${role_view-events}", + "composite": false, + "clientRole": true, + "containerId": "0d1d1640-2d1e-4819-8e0e-347becb8cff3", + "attributes": {} + }, + { + "id": "ba0b0a8e-2c13-4ab2-b44c-662ecf603b35", + "name": "manage-authorization", + "description": "${role_manage-authorization}", + "composite": false, + "clientRole": true, + "containerId": "0d1d1640-2d1e-4819-8e0e-347becb8cff3", + "attributes": {} + }, + { + "id": "a931e563-5182-4101-bb27-881493ca0c2f", + "name": "manage-clients", + "description": "${role_manage-clients}", + "composite": false, + "clientRole": true, + "containerId": "0d1d1640-2d1e-4819-8e0e-347becb8cff3", + "attributes": {} + }, + { + "id": "e8083b7d-9b53-44db-83d7-bd404e866565", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, + "clientRole": true, + "containerId": "0d1d1640-2d1e-4819-8e0e-347becb8cff3", + "attributes": {} + }, + { + "id": "4dc8664d-7aad-412a-b845-0617b647c317", + "name": "view-clients", + "description": "${role_view-clients}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-clients" + ] + } + }, + "clientRole": true, + "containerId": "0d1d1640-2d1e-4819-8e0e-347becb8cff3", + "attributes": {} + }, + { + "id": "84abba1f-fd6a-42a8-8c15-23e175d5e191", + 
"name": "query-realms", + "description": "${role_query-realms}", + "composite": false, + "clientRole": true, + "containerId": "0d1d1640-2d1e-4819-8e0e-347becb8cff3", + "attributes": {} + }, + { + "id": "f25cf199-9773-4b1e-8f4d-8ac38534aeb5", + "name": "query-groups", + "description": "${role_query-groups}", + "composite": false, + "clientRole": true, + "containerId": "0d1d1640-2d1e-4819-8e0e-347becb8cff3", + "attributes": {} + }, + { + "id": "db6a100d-015c-43a1-80af-fcfcce944ff7", + "name": "view-users", + "description": "${role_view-users}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-groups", + "query-users" + ] + } + }, + "clientRole": true, + "containerId": "0d1d1640-2d1e-4819-8e0e-347becb8cff3", + "attributes": {} + }, + { + "id": "d5b438df-9465-487f-9a0a-6288f5cd310f", + "name": "manage-realm", + "description": "${role_manage-realm}", + "composite": false, + "clientRole": true, + "containerId": "0d1d1640-2d1e-4819-8e0e-347becb8cff3", + "attributes": {} + }, + { + "id": "943f58b8-13cc-47e7-bf4a-cc75e1fd8420", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": false, + "clientRole": true, + "containerId": "0d1d1640-2d1e-4819-8e0e-347becb8cff3", + "attributes": {} + }, + { + "id": "6dd89089-f85a-4035-996b-4a0d99304112", + "name": "impersonation", + "description": "${role_impersonation}", + "composite": false, + "clientRole": true, + "containerId": "0d1d1640-2d1e-4819-8e0e-347becb8cff3", + "attributes": {} + }, + { + "id": "a1dc50ac-1274-43e6-9e2f-ef7ee7c3f6ee", + "name": "manage-events", + "description": "${role_manage-events}", + "composite": false, + "clientRole": true, + "containerId": "0d1d1640-2d1e-4819-8e0e-347becb8cff3", + "attributes": {} + }, + { + "id": "4eda4e9c-fa03-4abb-a2b6-8dea01ff6b21", + "name": "view-realm", + "description": "${role_view-realm}", + "composite": false, + "clientRole": true, + "containerId": "0d1d1640-2d1e-4819-8e0e-347becb8cff3", + "attributes": {} + } + ], 
+ "security-admin-console": [], + "admin-cli": [], + "account-console": [], + "broker": [ + { + "id": "3cf37e8f-1f69-4073-aa73-cb73e696e225", + "name": "read-token", + "description": "${role_read-token}", + "composite": false, + "clientRole": true, + "containerId": "01277454-3048-4b7d-8ada-a7a41bdd093f", + "attributes": {} + } + ], + "account": [ + { + "id": "524608d2-2f98-4c48-a4af-e60e3841043c", + "name": "view-consent", + "description": "${role_view-consent}", + "composite": false, + "clientRole": true, + "containerId": "917c401b-c094-4262-9548-d819b1a67cee", + "attributes": {} + }, + { + "id": "368ab518-15e5-4317-a65f-e9ad22fce0c5", + "name": "view-profile", + "description": "${role_view-profile}", + "composite": false, + "clientRole": true, + "containerId": "917c401b-c094-4262-9548-d819b1a67cee", + "attributes": {} + }, + { + "id": "99720b33-6292-4968-8cd8-574724928d69", + "name": "manage-account-links", + "description": "${role_manage-account-links}", + "composite": false, + "clientRole": true, + "containerId": "917c401b-c094-4262-9548-d819b1a67cee", + "attributes": {} + }, + { + "id": "935ad2f8-6537-4b42-b99e-8d9464fd6ba3", + "name": "view-applications", + "description": "${role_view-applications}", + "composite": false, + "clientRole": true, + "containerId": "917c401b-c094-4262-9548-d819b1a67cee", + "attributes": {} + }, + { + "id": "41a8e3f5-9826-45b4-99ae-5c0c46e119a7", + "name": "manage-consent", + "description": "${role_manage-consent}", + "composite": true, + "composites": { + "client": { + "account": [ + "view-consent" + ] + } + }, + "clientRole": true, + "containerId": "917c401b-c094-4262-9548-d819b1a67cee", + "attributes": {} + }, + { + "id": "d766242c-d486-45fc-81d3-70a0d9bc552a", + "name": "manage-account", + "description": "${role_manage-account}", + "composite": true, + "composites": { + "client": { + "account": [ + "manage-account-links" + ] + } + }, + "clientRole": true, + "containerId": "917c401b-c094-4262-9548-d819b1a67cee", + "attributes": 
{} + } + ] + } + }, + "groups": [], "defaultRoles": [ "offline_access", "uma_authorization" @@ -65,6 +387,18 @@ "webAuthnPolicyCreateTimeout": 0, "webAuthnPolicyAvoidSameAuthenticatorRegister": false, "webAuthnPolicyAcceptableAaguids": [], + "webAuthnPolicyPasswordlessRpEntityName": "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms": [ + "ES256" + ], + "webAuthnPolicyPasswordlessRpId": "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", + "webAuthnPolicyPasswordlessCreateTimeout": 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyPasswordlessAcceptableAaguids": [], "scopeMappings": [ { "clientScope": "offline_access", @@ -76,31 +410,33 @@ "clientScopeMappings": { "account": [ { - "client": "admin-cli", + "client": "account-console", "roles": [ - "manage-account", - "view-profile" + "manage-account" ] } ] }, "clients": [ { - "id": "b53f41fc-4b09-4f12-a7dd-8376fa5b99d0", - "clientId": "security-admin-console", - "name": "${client_security-admin-console}", - "rootUrl": "${authAdminUrl}", - "baseUrl": "/admin/in-sylva/console/", + "id": "917c401b-c094-4262-9548-d819b1a67cee", + "clientId": "account", + "name": "${client_account}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/in-sylva/account/", "surrogateAuthRequired": false, "enabled": true, + "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "**********", - "redirectUris": [ - "/admin/in-sylva/console/*" + "defaultRoles": [ + "view-profile", + "manage-account" ], - "webOrigins": [ - "+" + "redirectUris": [ + "/realms/in-sylva/account/*" ], + "webOrigins": [], "notBefore": 0, "bearerOnly": false, "consentRequired": false, 
@@ -108,30 +444,13 @@ "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, - "publicClient": true, + "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": {}, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "62fe7a5f-52d6-4604-9f95-b1c12b8695b5", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - } - ], "defaultClientScopes": [ "web-origins", "role_list", @@ -147,19 +466,16 @@ ] }, { - "id": "500505b9-c8a9-443c-962e-72c9167e2dfb", - "clientId": "account", - "name": "${client_account}", + "id": "a07224bd-bf5c-4eee-83ac-ec7188cf1843", + "clientId": "account-console", + "name": "${client_account-console}", "rootUrl": "${authBaseUrl}", "baseUrl": "/realms/in-sylva/account/", "surrogateAuthRequired": false, "enabled": true, + "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "**********", - "defaultRoles": [ - "view-profile", - "manage-account" - ], "redirectUris": [ "/realms/in-sylva/account/*" ], 
@@ -171,13 +487,25 @@ "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, - "publicClient": false, + "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "pkce.code.challenge.method": "S256" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "792ec08a-daa3-4295-8381-c5f4802320ad", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + } + ], "defaultClientScopes": [ "web-origins", "role_list", 
@@ -193,26 +521,44 @@ ] }, { - "id": "b2f9e7cd-22f1-4ec2-92e8-bddc1e18ebb1", - "clientId": "broker", - "name": "${client_broker}", + "id": "d7b607a2-4554-4773-8284-b43c4230e1cc", + "clientId": "admin-cli", + "name": "${client_admin-cli}", + "rootUrl": "", "surrogateAuthRequired": false, "enabled": true, + "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "**********", "redirectUris": [], - "webOrigins": [], + "webOrigins": [ + "*" + ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, - "standardFlowEnabled": true, + "standardFlowEnabled": false, "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, + "directAccessGrantsEnabled": true, "serviceAccountsEnabled": false, - "publicClient": false, + "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "saml.assertion.signature": "false", + "saml.force.post.binding": "false", + "saml.multivalued.roles": "false", + "saml.encrypt": "false", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "exclude.session.state.from.auth.response": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "tls.client.certificate.bound.access.tokens": "false", + "saml.authnstatement": "false", + "display.on.consent.screen": "false", + "saml.onetimeuse.condition": "false" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, 
@@ -231,17 +577,18 @@ ] }, { - "id": "86dc452c-5203-4a03-a8a2-823fc0d0da04", - "clientId": "realm-management", - "name": "${client_realm-management}", + "id": "01277454-3048-4b7d-8ada-a7a41bdd093f", + "clientId": "broker", + "name": "${client_broker}", "surrogateAuthRequired": false, "enabled": true, + "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "**********", "redirectUris": [], "webOrigins": [], "notBefore": 0, - "bearerOnly": true, + "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, @@ -269,23 +616,23 @@ ] }, { - "id": "a0c1f78a-4f97-4e96-9b76-8e7914a7cd28", - "clientId": "admin-cli", - "name": "${client_admin-cli}", - "rootUrl": "*", - "baseUrl": "*", + "id": "aec626cb-d0fc-4a80-b88f-06a7b1ec35ed", + "clientId": "in-sylva.user.app", "surrogateAuthRequired": false, "enabled": true, + "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "**********", - "redirectUris": [], + "redirectUris": [ + "*" + ], "webOrigins": [ "*" ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, - "standardFlowEnabled": false, + "standardFlowEnabled": true, "implicitFlowEnabled": false, "directAccessGrantsEnabled": true, "serviceAccountsEnabled": false, 
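Review bot: The `in-sylva.user.app` client in the second hunk gets `"redirectUris": ["*"]` while `standardFlowEnabled` becomes true, which allows an authorization response to be delivered to any URL placed in a login link. The entry this commit removes further down used `"http://147.100.18.116:3000/*"`; I would list the real application origins instead of a wildcard, and use `"webOrigins": ["+"]` as `security-admin-console` does so that CORS follows the redirect list. The following hunk also sets `"fullScopeAllowed": true` for this client, so its tokens carry every role mapped to the user; `false` with explicit scope mappings is the tighter setting. The `admin-cli` client in the @@ -193,26 hunk likewise gains `"webOrigins": ["*"]`. The client object continues past the end of this hunk.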
@@ -308,6 +655,45 @@ "saml.onetimeuse.condition": "false" }, "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [ + "web-origins", + "role_list", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "0d1d1640-2d1e-4819-8e0e-347becb8cff3", + "clientId": "realm-management", + "name": "${client_realm-management}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ 
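Review bot: The `realm-management` client added here carries `"secret": "**********"`, the mask Keycloak writes on export, and the other client entries in this file have the same value. As far as I know an import takes that field literally, so a confidential client (for example `account`, which an earlier hunk switches to `"publicClient": false`) would end up with a secret anyone can guess. I would remove the `secret` fields from the committed file so that Keycloak generates them at import (worth confirming on 9.0.3), or inject real values at deploy time from outside the repository.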
@@ -325,48 +711,55 @@ ] }, { - "id": "127e56b7-10f4-47f9-a608-a8210845fc46", - "clientId": "in-sylva.user.app", - "rootUrl": "http://147.100.18.116:3000/*", - "baseUrl": "", + "id": "4ab9766f-3ee6-4c97-8187-dca1341be01f", + "clientId": "security-admin-console", + "name": "${client_security-admin-console}", + "rootUrl": "${authAdminUrl}", + "baseUrl": "/admin/in-sylva/console/", "surrogateAuthRequired": false, "enabled": true, + "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "**********", "redirectUris": [ - "http://147.100.18.116:3000/*" + "/admin/in-sylva/console/*" ], "webOrigins": [ - "*" + "+" ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, + "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", "attributes": { - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "exclude.session.state.from.auth.response": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" + "pkce.code.challenge.method": "S256" }, "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "d45b87fe-7ae4-4fe3-bc4a-fc90ad734432", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "locale", 
+ "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + } + ], "defaultClientScopes": [ "web-origins", "role_list", @@ -384,7 +777,7 @@ ], "clientScopes": [ { - "id": "1c04170a-55c7-46bd-bff4-e7a54f49b173", + "id": "396592ff-fd5a-420c-8093-9490c634782d", "name": "microprofile-jwt", "description": "Microprofile - JWT built-in scope", "protocol": "openid-connect", @@ -394,7 +787,7 @@ }, "protocolMappers": [ { - "id": "2b1b11a8-6ad3-4c08-af6e-f0fbb385e21e", + "id": "b6b6fef2-ea7e-488e-a11c-6de4ee19a00b", "name": "groups", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-realm-role-mapper", @@ -409,7 +802,7 @@ } }, { - "id": "77da36f5-2c8b-408c-8e53-8996dff45588", + "id": "d21772b7-da26-44e3-ac4b-2594a319eec1", "name": "upn", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-property-mapper", @@ -426,7 +819,7 @@ ] }, { - "id": "964a50c8-41f6-44d4-a94b-d2673892154e", + "id": "7bab643d-98e2-47fc-9e8b-67ffb6bd9e81", "name": "web-origins", "description": "OpenID Connect scope for add allowed web origins to the access token", "protocol": "openid-connect", @@ -437,7 +830,7 @@ }, "protocolMappers": [ { - "id": "7b318044-d9e1-427f-a4bb-4c9681b3d15b", + "id": "237fd6b0-308c-41f7-998d-135ec7b3f663", "name": "allowed web origins", "protocol": "openid-connect", "protocolMapper": "oidc-allowed-origins-mapper", @@ -447,7 +840,7 @@ ] }, { - "id": "b8a3f6b6-41cb-4656-8c68-88dd0cfe5c31", + "id": "bef71160-62ab-470a-a974-7aa6e8793a3b", "name": "roles", "description": "OpenID Connect scope for add user roles to the access token", "protocol": "openid-connect", 
@@ -458,15 +851,7 @@ }, "protocolMappers": [ { - "id": "d0d76c4b-26ff-4648-9c49-a382ad59ceaf", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - }, - { - "id": "578e1490-7b9a-47cd-b5f9-87bd77706239", + "id": "436d5310-ba32-49d7-bcb1-7c8a2d64c011", "name": "realm roles", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-realm-role-mapper", @@ -480,7 +865,15 @@ } }, { - "id": "abb5f01a-3494-425e-871d-97a50bc1992c", + "id": "59d2588c-106b-4add-9c9f-8d4a7e4909f1", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + }, + { + "id": "9217fd62-eaca-45f9-932a-d44c031d8be3", "name": "client roles", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-client-role-mapper", @@ -496,7 +889,7 @@ ] }, { - "id": "113dd826-d7be-4075-97f3-16297b7e6129", + "id": "b285b63a-5a6b-4abc-aa6f-d093689be1ad", "name": "phone", "description": "OpenID Connect built-in scope: phone", "protocol": "openid-connect", 
@@ -507,39 +900,39 @@
 },
 "protocolMappers": [
 {
- "id": "96b98bde-0123-4882-850e-7aefefd3715c",
- "name": "phone number",
+ "id": "517fcd8b-139e-49f7-a1a8-fcf6e9b4c759",
+ "name": "phone number verified",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-usermodel-attribute-mapper",
 "consentRequired": false,
 "config": {
 "userinfo.token.claim": "true",
- "user.attribute": "phoneNumber",
+ "user.attribute": "phoneNumberVerified",
 "id.token.claim": "true",
 "access.token.claim": "true",
- "claim.name": "phone_number",
- "jsonType.label": "String"
+ "claim.name": "phone_number_verified",
+ "jsonType.label": "boolean"
 }
 },
 {
- "id": "3e0eb42c-7dab-461c-b2cd-3b9ebe12a81e",
- "name": "phone number verified",
+ "id": "8bbd9ed8-84ed-4e9d-9ad4-d14e29aa7a41",
+ "name": "phone number",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-usermodel-attribute-mapper",
 "consentRequired": false,
 "config": {
 "userinfo.token.claim": "true",
- "user.attribute": "phoneNumberVerified",
+ "user.attribute": "phoneNumber",
 "id.token.claim": "true",
 "access.token.claim": "true",
- "claim.name": "phone_number_verified",
- "jsonType.label": "boolean"
+ "claim.name": "phone_number",
+ "jsonType.label": "String"
 }
 }
 ]
 },
 {
- "id": "f7c3a565-17af-4235-94a3-45e4844eac3e",
+ "id": "1d8e0f27-17dd-4fca-a8b1-68911c2496a2",
 "name": "address",
 "description": "OpenID Connect built-in scope: address",
 "protocol": "openid-connect",
@@ -550,7 +943,7 @@
 },
 "protocolMappers": [
 {
- "id": "ef12c1fc-81f0-4b1d-afec-27844f9b8031",
+ "id": "c13d35ec-73eb-43fa-bcbc-34c58ff93351",
 "name": "address",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-address-mapper",
@@ -570,7 +963,7 @@
 ]
 },
 {
- "id": "60bb8f9b-08dd-4fec-8255-2a893ad9584b",
+ "id": "ed138310-9cf5-4c8b-88be-52949a3532a7",
 "name": "email",
 "description": "OpenID Connect built-in scope: email",
 "protocol": "openid-connect",
@@ -581,7 +974,7 @@
 },
 "protocolMappers": [
 {
- "id": "0a9d93f1-328b-4c4d-878e-dae5d6a10510",
+ "id": "4c6214ec-4bcb-4adb-90ae-929f389d9795",
 "name": "email",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-usermodel-property-mapper",
@@ -596,7 +989,7 @@
 }
 },
 {
- "id": "2025ee54-706c-4504-b617-1ca9299f20ca",
+ "id": "74d88ba1-6ac7-43bd-bc6a-79be1691e044",
 "name": "email verified",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-usermodel-property-mapper",
@@ -613,7 +1006,7 @@
 ]
 },
 {
- "id": "80bdeabc-ba0d-477e-98da-34582f0c670d",
+ "id": "03859e18-5ceb-4125-afce-76a6bd43a8eb",
 "name": "profile",
 "description": "OpenID Connect built-in scope: profile",
 "protocol": "openid-connect",
@@ -624,139 +1017,139 @@
 },
 "protocolMappers": [
 {
- "id": "7fa7c81d-d8d2-4b1c-ac5d-70a45a63efb0",
- "name": "full name",
+ "id": "120f24e9-c7b1-43fa-8655-0ea3f60f6493",
+ "name": "picture",
 "protocol": "openid-connect",
- "protocolMapper": "oidc-full-name-mapper",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
 "consentRequired": false,
 "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "picture",
 "id.token.claim": "true",
 "access.token.claim": "true",
- "userinfo.token.claim": "true"
+ "claim.name": "picture",
+ "jsonType.label": "String"
 }
 },
 {
- "id": "3cd541a4-476a-4c15-beb1-db84ba9d3a27",
- "name": "nickname",
+ "id": "4c49819f-fff1-40f2-a60e-848ba6d6c78b",
+ "name": "username",
 "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "protocolMapper": "oidc-usermodel-property-mapper",
 "consentRequired": false,
 "config": {
 "userinfo.token.claim": "true",
- "user.attribute": "nickname",
+ "user.attribute": "username",
 "id.token.claim": "true",
 "access.token.claim": "true",
- "claim.name": "nickname",
+ "claim.name": "preferred_username",
 "jsonType.label": "String"
 }
 },
 {
- "id": "3c908848-5e28-4a94-87e1-d51fc5cf8f28",
- "name": "updated at",
+ "id": "87a91810-7dbf-49b1-a303-b149077cb03c",
+ "name": "website",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-usermodel-attribute-mapper",
 "consentRequired": false,
 "config": {
 "userinfo.token.claim": "true",
- "user.attribute": "updatedAt",
+ "user.attribute": "website",
 "id.token.claim": "true",
 "access.token.claim": "true",
- "claim.name": "updated_at",
+ "claim.name": "website",
 "jsonType.label": "String"
 }
 },
 {
- "id": "fb6dc1a5-95f0-4090-a2c5-d1ed77bb0fb6",
- "name": "family name",
+ "id": "89bcb937-0c85-4df5-b5d1-f86b82b590d2",
+ "name": "zoneinfo",
 "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-property-mapper",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
 "consentRequired": false,
 "config": {
 "userinfo.token.claim": "true",
- "user.attribute": "lastName",
+ "user.attribute": "zoneinfo",
 "id.token.claim": "true",
 "access.token.claim": "true",
- "claim.name": "family_name",
+ "claim.name": "zoneinfo",
 "jsonType.label": "String"
 }
 },
 {
- "id": "457b0c85-d3df-4b54-86a5-20cb4eff89f6",
- "name": "middle name",
+ "id": "d935ef9f-a631-407e-8810-1621503ace02",
+ "name": "gender",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-usermodel-attribute-mapper",
 "consentRequired": false,
 "config": {
 "userinfo.token.claim": "true",
- "user.attribute": "middleName",
+ "user.attribute": "gender",
 "id.token.claim": "true",
 "access.token.claim": "true",
- "claim.name": "middle_name",
+ "claim.name": "gender",
 "jsonType.label": "String"
 }
 },
 {
- "id": "fc38c8ba-b463-42cc-8ed8-b7e5bee2a2b3",
- "name": "picture",
+ "id": "030907d9-ab8a-4820-8f1b-83aa3c0fbf01",
+ "name": "full name",
 "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "protocolMapper": "oidc-full-name-mapper",
 "consentRequired": false,
 "config": {
- "userinfo.token.claim": "true",
- "user.attribute": "picture",
 "id.token.claim": "true",
 "access.token.claim": "true",
- "claim.name": "picture",
- "jsonType.label": "String"
+ "userinfo.token.claim": "true"
 }
 },
 {
- "id": "420a6b0b-afce-4006-be89-8c8dc1db9d3f",
- "name": "locale",
+ "id": "a83b4bd3-97c1-4852-82ba-a3328dbd79f0",
+ "name": "nickname",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-usermodel-attribute-mapper",
 "consentRequired": false,
 "config": {
 "userinfo.token.claim": "true",
- "user.attribute": "locale",
+ "user.attribute": "nickname",
 "id.token.claim": "true",
 "access.token.claim": "true",
- "claim.name": "locale",
+ "claim.name": "nickname",
 "jsonType.label": "String"
 }
 },
 {
- "id": "0cfea587-e497-4e03-a912-56eaf2384915",
- "name": "username",
+ "id": "b9dc6a2f-5b15-4c61-99db-033822b35063",
+ "name": "updated at",
 "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-property-mapper",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
 "consentRequired": false,
 "config": {
 "userinfo.token.claim": "true",
- "user.attribute": "username",
+ "user.attribute": "updatedAt",
 "id.token.claim": "true",
 "access.token.claim": "true",
- "claim.name": "preferred_username",
+ "claim.name": "updated_at",
 "jsonType.label": "String"
 }
 },
 {
- "id": "2e80e167-7291-4eb4-8fc3-25533887ca06",
- "name": "zoneinfo",
+ "id": "7da198f7-73ea-460c-988e-94028dd7cc27",
+ "name": "profile",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-usermodel-attribute-mapper",
 "consentRequired": false,
 "config": {
 "userinfo.token.claim": "true",
- "user.attribute": "zoneinfo",
+ "user.attribute": "profile",
 "id.token.claim": "true",
 "access.token.claim": "true",
- "claim.name": "zoneinfo",
+ "claim.name": "profile",
 "jsonType.label": "String"
 }
 },
 {
- "id": "750b4ce2-440a-4a9b-9b4c-802c529977bc",
+ "id": "9ecbbb64-18bb-4c0a-9086-82f11c7080ca",
 "name": "birthdate",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-usermodel-attribute-mapper",
@@ -771,37 +1164,37 @@
 }
 },
 {
- "id": "445c0535-76a5-4154-bad7-defa4ee78e92",
- "name": "profile",
+ "id": "90d70951-7be8-4cde-a0d4-c65235656a4e",
+ "name": "family name",
 "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "protocolMapper": "oidc-usermodel-property-mapper",
 "consentRequired": false,
 "config": {
 "userinfo.token.claim": "true",
- "user.attribute": "profile",
+ "user.attribute": "lastName",
 "id.token.claim": "true",
 "access.token.claim": "true",
- "claim.name": "profile",
+ "claim.name": "family_name",
 "jsonType.label": "String"
 }
 },
 {
- "id": "3c2cb148-42ff-453a-8397-145fd85f9f29",
- "name": "gender",
+ "id": "250ab8d3-2d00-46bc-b5aa-2e3fe3312dc9",
+ "name": "locale",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-usermodel-attribute-mapper",
 "consentRequired": false,
 "config": {
 "userinfo.token.claim": "true",
- "user.attribute": "gender",
+ "user.attribute": "locale",
 "id.token.claim": "true",
 "access.token.claim": "true",
- "claim.name": "gender",
+ "claim.name": "locale",
 "jsonType.label": "String"
 }
 },
 {
- "id": "e8fd6495-939c-4b23-9b47-a08f29cc1552",
+ "id": "d49d76a9-e28d-41af-b5b0-6df8c8b56acf",
 "name": "given name",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-usermodel-property-mapper",
@@ -816,24 +1209,24 @@
 }
 },
 {
- "id": "5d22c909-f692-400d-94ad-c9f10c7a5f05",
- "name": "website",
+ "id": "aae108bf-90d1-431c-adcb-9d9cb1264a49",
+ "name": "middle name",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-usermodel-attribute-mapper",
 "consentRequired": false,
 "config": {
 "userinfo.token.claim": "true",
- "user.attribute": "website",
+ "user.attribute": "middleName",
 "id.token.claim": "true",
 "access.token.claim": "true",
- "claim.name": "website",
+ "claim.name": "middle_name",
 "jsonType.label": "String"
 }
 }
 ]
 },
 {
- "id": "38c7aa84-cfab-42c5-a6ef-17c78ff3f3df",
+ "id": "55039d7c-fbeb-4d85-8bf3-df4ee35dba13",
 "name": "role_list",
 "description": "SAML role list",
 "protocol": "saml",
@@ -843,7 +1236,7 @@
 },
 "protocolMappers": [
 {
- "id": "602421c0-b4d6-4d01-9ce2-c289bd864e3e",
+ "id": "950e333d-e970-46f1-b62c-d6ba008abc92",
 "name": "role list",
 "protocol": "saml",
 "protocolMapper": "saml-role-list-mapper",
@@ -857,7 +1250,7 @@
 ]
 },
 {
- "id": "2b6c4c4e-6028-41e4-a6f0-534f7a5d3dfc",
+ "id": "f4bb5449-9ae0-4ed2-b78a-1a4cb647901d",
 "name": "offline_access",
 "description": "OpenID Connect built-in scope: offline_access",
 "protocol": "openid-connect",
@@ -900,15 +1293,7 @@
 "components": {
 "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [
 {
- "id": "46e09adc-43b9-4a7a-853a-65f73961dc48",
- "name": "Consent Required",
- "providerId": "consent-required",
- "subType": "anonymous",
- "subComponents": {},
- "config": {}
- },
- {
- "id": "30faddcc-ccc7-4d25-a2b1-785443fce61a",
+ "id": "a6af7a30-6a93-4e44-8d39-168b33c5aee6",
 "name": "Trusted Hosts",
 "providerId": "trusted-hosts",
 "subType": "anonymous",
@@ -923,10 +1308,10 @@
 }
 },
 {
- "id": "5fb86f8c-a5ba-401a-a8ad-dba35f1f5e62",
+ "id": "fd50bc3f-2c88-46cc-8f4b-54cf253f6f3d",
 "name": "Allowed Client Scopes",
 "providerId": "allowed-client-templates",
- "subType": "authenticated",
+ "subType": "anonymous",
 "subComponents": {},
 "config": {
 "allow-default-scopes": [
@@ -935,19 +1320,7 @@
 }
 },
 {
- "id": "89bc206d-4e0b-43c1-a1f3-8e7922be20c7",
- "name": "Max Clients Limit",
- "providerId": "max-clients",
- "subType": "anonymous",
- "subComponents": {},
- "config": {
- "max-clients": [
- "200"
- ]
- }
- },
- {
- "id": "ce3a6797-f3f4-4688-a8ca-fbc2ba12e93e",
+ "id": "c5c4546f-5fcd-4892-a176-628bc2cb5037",
 "name": "Full Scope Disabled",
 "providerId": "scope",
 "subType": "anonymous",
@@ -955,19 +1328,19 @@
 "config": {}
 },
 {
- "id": "6ea4627c-4ac2-4239-b7a3-39887c4ab223",
- "name": "Allowed Client Scopes",
- "providerId": "allowed-client-templates",
+ "id": "065e0ddc-5b6f-41ed-8e2b-82d934db2fb5",
+ "name": "Max Clients Limit",
+ "providerId": "max-clients",
 "subType": "anonymous",
 "subComponents": {},
 "config": {
- "allow-default-scopes": [
- "true"
+ "max-clients": [
+ "200"
 ]
 }
 },
 {
- "id": "9430b15d-8890-44d4-a895-c655898388f1",
+ "id": "f848db73-f14b-4265-952b-6b4471e69d90",
 "name": "Allowed Protocol Mapper Types",
 "providerId": "allowed-protocol-mappers",
 "subType": "authenticated",
@@ -975,52 +1348,75 @@
 "config": {
 "allowed-protocol-mapper-types": [
 "oidc-full-name-mapper",
- "oidc-address-mapper",
- "oidc-usermodel-property-mapper",
 "saml-user-attribute-mapper",
- "saml-user-property-mapper",
+ "oidc-address-mapper",
+ "oidc-usermodel-attribute-mapper",
 "oidc-sha256-pairwise-sub-mapper",
+ "saml-user-property-mapper",
 "saml-role-list-mapper",
- "oidc-usermodel-attribute-mapper"
+ "oidc-usermodel-property-mapper"
+ ]
+ }
+ },
+ {
+ "id": "6f0218ed-cb7e-4363-8265-545f9b99169d",
+ "name": "Consent Required",
+ "providerId": "consent-required",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {}
+ },
+ {
+ "id": "2d11ef0f-655b-4621-a9bc-eef2d4b06616",
+ "name": "Allowed Client Scopes",
+ "providerId": "allowed-client-templates",
+ "subType": "authenticated",
+ "subComponents": {},
+ "config": {
+ "allow-default-scopes": [
+ "true"
 ]
 }
 },
 {
- "id": "1d6e5de5-206c-45d4-ab7d-53d2aa0e6f88",
+ "id": "5c854160-98ba-4009-a9f7-1c7e873a3360",
 "name": "Allowed Protocol Mapper Types",
 "providerId": "allowed-protocol-mappers",
 "subType": "anonymous",
 "subComponents": {},
 "config": {
 "allowed-protocol-mapper-types": [
- "saml-user-property-mapper",
- "saml-role-list-mapper",
- "oidc-address-mapper",
 "oidc-sha256-pairwise-sub-mapper",
- "oidc-usermodel-property-mapper",
 "oidc-usermodel-attribute-mapper",
+ "oidc-full-name-mapper",
+ "oidc-address-mapper",
+ "oidc-usermodel-property-mapper",
 "saml-user-attribute-mapper",
- "oidc-full-name-mapper"
+ "saml-role-list-mapper",
+ "saml-user-property-mapper"
 ]
 }
 }
 ],
 "org.keycloak.keys.KeyProvider": [
 {
- "id": "a1a7dc94-63a9-4f1f-959a-7fa669e94ac0",
- "name": "rsa-generated",
- "providerId": "rsa-generated",
+ "id": "ac0e131f-f8cf-4356-a440-2d49c3d8e54c",
+ "name": "hmac-generated",
+ "providerId": "hmac-generated",
 "subComponents": {},
 "config": {
 "priority": [
 "100"
+ ],
+ "algorithm": [
+ "HS256"
 ]
 }
 },
 {
- "id": "abde063c-eeb9-4605-b51d-458afb2d15e2",
- "name": "aes-generated",
- "providerId": "aes-generated",
+ "id": "6e89ad58-7eb1-4d65-996b-124796b6cfd3",
+ "name": "rsa-generated",
+ "providerId": "rsa-generated",
 "subComponents": {},
 "config": {
 "priority": [
@@ -1029,16 +1425,13 @@
 }
 },
 {
- "id": "5292e1fe-8d5a-4281-aacb-e31b26244224",
- "name": "hmac-generated",
- "providerId": "hmac-generated",
+ "id": "7a21714d-d34b-4e0c-86df-62e22a2cd282",
+ "name": "aes-generated",
+ "providerId": "aes-generated",
 "subComponents": {},
 "config": {
 "priority": [
 "100"
- ],
- "algorithm": [
- "HS256"
 ]
 }
 }
@@ -1048,7 +1441,7 @@
 "supportedLocales": [],
 "authenticationFlows": [
 {
- "id": "3d499af4-6912-4f62-9428-e2bf6d35043a",
+ "id": "a2139b89-3f72-4d4c-a24e-39594fc97323",
 "alias": "Account verification options",
 "description": "Method with which to verity the existing account",
 "providerId": "basic-flow",
@@ -1072,7 +1465,7 @@
 ]
 },
 {
- "id": "bd1e3c65-221e-4b4e-b197-07527dd5b331",
+ "id": "7832171a-e3bd-4673-a57e-6f3345806a1e",
 "alias": "Authentication Options",
 "description": "Authentication options.",
 "providerId": "basic-flow",
@@ -1103,7 +1496,7 @@
 ]
 },
 {
- "id": "86f2aef4-c542-495e-8424-db5bdbf72f53",
+ "id": "19a6c402-6b19-42e0-b9b6-ce9d5d918606",
 "alias": "Browser - Conditional OTP",
 "description": "Flow to determine if the OTP is required for the authentication",
 "providerId": "basic-flow",
@@ -1127,7 +1520,7 @@
 ]
 },
 {
- "id": "61cc57e2-f571-4559-8ef9-d52ab46faa90",
+ "id": "c2b78371-9893-443e-926b-feac5904303f",
 "alias": "Direct Grant - Conditional OTP",
 "description": "Flow to determine if the OTP is required for the authentication",
 "providerId": "basic-flow",
@@ -1151,7 +1544,7 @@
 ]
 },
 {
- "id": "e3e0f7ec-34f4-4db4-99c0-552d6f654b34",
+ "id": "f4da91da-efd9-4d08-a04f-0439a510ff77",
 "alias": "First broker login - Conditional OTP",
 "description": "Flow to determine if the OTP is required for the authentication",
 "providerId": "basic-flow",
@@ -1175,7 +1568,7 @@
 ]
 },
 {
- "id": "9b95f645-6dbf-4b28-998f-e334b84333c3",
+ "id": "e33d83fc-15b6-4058-9887-72eb482f6932",
 "alias": "Handle Existing Account",
 "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider",
 "providerId": "basic-flow",
@@ -1199,7 +1592,7 @@
 ]
 },
 {
- "id": "a3e630b3-ebd0-4d96-9417-15d2033cb359",
+ "id": "129c94dd-9a50-4914-8f8f-bbd1bf72232e",
 "alias": "Reset - Conditional OTP",
 "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
 "providerId": "basic-flow",
@@ -1223,7 +1616,7 @@
 ]
 },
 {
- "id": "e0ad456c-de8f-4ad6-8ad7-ca4d5dc56335",
+ "id": "5f51243f-7623-402c-b623-8a2adafca153",
 "alias": "User creation or linking",
 "description": "Flow for the existing/non-existing user alternatives",
 "providerId": "basic-flow",
@@ -1248,7 +1641,7 @@
 ]
 },
 {
- "id": "0e305649-1400-44ca-9ee5-b95c488be7be",
+ "id": "b6923d5f-1c37-4e4f-9203-91445247fce9",
 "alias": "Verify Existing Account by Re-authentication",
 "description": "Reauthentication of existing account",
 "providerId": "basic-flow",
@@ -1272,7 +1665,7 @@
 ]
 },
 {
- "id": "a3e5621d-a037-4435-9676-b5e5c0b631b6",
+ "id": "cb9a8088-c3a7-45fd-b953-1c3ef36dc822",
 "alias": "browser",
 "description": "browser based authentication",
 "providerId": "basic-flow",
@@ -1310,7 +1703,7 @@
 ]
 },
 {
- "id": "3ed47bf2-b7ac-4937-8a77-ad6d82a769e2",
+ "id": "19a46011-2202-43f7-8ea7-2f4f15952a90",
 "alias": "clients",
 "description": "Base authentication for clients",
 "providerId": "client-flow",
@@ -1348,7 +1741,7 @@
 ]
 },
 {
- "id": "e317df19-1837-4e75-9cb4-c16a107f32d9",
+ "id": "ebc82afa-1c31-454a-8dbc-dfb65d650907",
 "alias": "direct grant",
 "description": "OpenID Connect Resource Owner Grant",
 "providerId": "basic-flow",
@@ -1379,7 +1772,7 @@
 ]
 },
 {
- "id": "344a1fd3-0260-46c3-8d10-9f895e061562",
+ "id": "cee70a7d-f28e-4ca2-a7e7-9dfe105af9fe",
 "alias": "docker auth",
 "description": "Used by Docker clients to authenticate against the IDP",
 "providerId": "basic-flow",
@@ -1396,7 +1789,7 @@
 ]
 },
 {
- "id": "377d5ceb-6308-4d69-91d7-8419783b3c91",
+ "id": "3dec4597-dcb3-43ad-8bc0-5f7b3bd48054",
 "alias": "first broker login",
 "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
 "providerId": "basic-flow",
@@ -1421,7 +1814,7 @@
 ]
 },
 {
- "id": "8ba9e0cd-796c-4ba6-8b8f-e735112fe04b",
+ "id": "7b5399b1-b9a5-4c5d-976b-8485fcb250a5",
 "alias": "forms",
 "description": "Username, password, otp and other auth forms.",
 "providerId": "basic-flow",
@@ -1445,7 +1838,7 @@
 ]
 },
 {
- "id": "0acca80a-00c4-4304-81b8-3a508724edf7",
+ "id": "b5e3b34a-d8bf-449e-8dc3-7ef506c1de0e",
 "alias": "http challenge",
 "description": "An authentication flow based on challenge-response HTTP Authentication Schemes",
 "providerId": "basic-flow",
@@ -1469,7 +1862,7 @@
 ]
 },
 {
- "id": "369b3ddc-9936-4bd6-b574-af74e539f34b",
+ "id": "67797277-6962-41bb-afaa-b49c831ead13",
 "alias": "registration",
 "description": "registration flow",
 "providerId": "basic-flow",
@@ -1487,7 +1880,7 @@
 ]
 },
 {
- "id": "240299c7-443d-40f3-bb5d-ad6889390602",
+ "id": "a8c284f1-4928-4cec-a255-191cad577a9d",
 "alias": "registration form",
 "description": "registration form",
 "providerId": "form-flow",
@@ -1525,7 +1918,7 @@
 ]
 },
 {
- "id": "b5e966e6-a12d-4078-9092-31c57be9d773",
+ "id": "311c6dc3-027b-446d-903a-a65d761cdf86",
 "alias": "reset credentials",
 "description": "Reset credentials for a user if they forgot their password or something",
 "providerId": "basic-flow",
@@ -1563,7 +1956,7 @@
 ]
 },
 {
- "id": "45076642-ff33-4a6a-aa14-c24483f6600d",
+ "id": "8ffa52c2-ddfc-481d-9306-21ce869ccd1e",
 "alias": "saml ecp",
 "description": "SAML ECP Profile Authentication Flow",
 "providerId": "basic-flow",
@@ -1582,14 +1975,14 @@
 ],
 "authenticatorConfig": [
 {
- "id": "a6aff143-7f49-4b92-b7f5-327e3d4cc572",
+ "id": "71a0897e-b630-442a-9399-5428a1ab90a8",
 "alias": "create unique user config",
 "config": {
 "require.password.update.after.registration": "false"
 }
 },
 {
- "id": "d550b17d-687b-4b2c-91a2-47e3804ef889",
+ "id": "66e0989d-9e2d-493f-909d-108bbd0bb69e",
 "alias": "review profile config",
 "config": {
 "update.profile.on.first.login": "missing"
@@ -1641,6 +2034,15 @@
 "defaultAction": false,
 "priority": 50,
 "config": {}
+ },
+ {
+ "alias": "update_user_locale",
+ "name": "Update User Locale",
+ "providerId": "update_user_locale",
+ "enabled": true,
+ "defaultAction": false,
+ "priority": 1000,
+ "config": {}
 }
 ],
 "browserFlow": "browser",
@@ -1649,36 +2051,7 @@
 "resetCredentialsFlow": "reset credentials",
 "clientAuthenticationFlow": "clients",
 "dockerAuthenticationFlow": "docker auth",
- "attributes": {
- "webAuthnPolicyAuthenticatorAttachment": "not specified",
- "_browser_header.xRobotsTag": "none",
- "webAuthnPolicyRpEntityName": "keycloak",
- "failureFactor": "30",
- "actionTokenGeneratedByUserLifespan": "300",
- "maxDeltaTimeSeconds": "43200",
- "webAuthnPolicySignatureAlgorithms": "ES256",
- "offlineSessionMaxLifespan": "5184000",
- "_browser_header.contentSecurityPolicyReportOnly": "",
- "bruteForceProtected": "false",
- "_browser_header.contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
- "_browser_header.xXSSProtection": "1; mode=block",
- "_browser_header.xFrameOptions": "SAMEORIGIN",
- "_browser_header.strictTransportSecurity": "max-age=31536000; includeSubDomains",
- "webAuthnPolicyUserVerificationRequirement": "not specified",
- "permanentLockout": "false",
- "quickLoginCheckMilliSeconds": "1000",
- "webAuthnPolicyCreateTimeout": "0",
- "webAuthnPolicyRequireResidentKey": "not specified",
- "webAuthnPolicyRpId": "",
- "webAuthnPolicyAttestationConveyancePreference": "not specified",
- "maxFailureWaitSeconds": "900",
- "minimumQuickLoginWaitSeconds": "60",
- "webAuthnPolicyAvoidSameAuthenticatorRegister": "false",
- "_browser_header.xContentTypeOptions": "nosniff",
- "actionTokenGeneratedByAdminLifespan": "43200",
- "waitIncrementSeconds": "60",
- "offlineSessionMaxLifespanEnabled": "false"
- },
- "keycloakVersion": "8.0.0",
+ "attributes": {},
+ "keycloakVersion": "9.0.3",
 "userManagedAccessAllowed": true
 }
\ No newline at end of file
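Review bot: The new `"attributes": {}` drops every realm attribute the 8.0.0 export carried, including the `_browser_header.*` values (content security policy, `X-Frame-Options`, HSTS, `nosniff`), the brute-force detection thresholds and the WebAuthn policy fields. This hunk does not show whether the 9.0.3 export still carries the same settings as top-level realm fields (`browserSecurityHeaders`, `bruteForceProtected`, `failureFactor` and so on) elsewhere in the file; if it does not, a realm imported from this file presumably falls back to server defaults, so that should be checked against the full export before this is used for a deployment. The removed block also recorded `"bruteForceProtected": "false"`; if that is still the realm-level value, consider `"bruteForceProtected": true` wherever the login form is reachable by untrusted clients.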