diff --git a/.env b/.env index 3ae1589e5..5ffbdb2eb 100644 --- a/.env +++ b/.env @@ -1,2 +1,13 @@ LOCAL=true DEVELOPMENT=true +KEYCLOAK=false + +DISPLAY= ${DISPLAY} +RAILS_DB_NAME=skills_development +RAILS_DB_USERNAME=skills +RAILS_DB_PASSWORD=skills + +# Postgres +POSTGRES_DB=skills_development +POSTGRES_USER=skills +POSTGRES_PASSWORD=skills diff --git a/.github/workflows/rails.yml b/.github/workflows/rails.yml index 0215078ef..f7a208dcc 100644 --- a/.github/workflows/rails.yml +++ b/.github/workflows/rails.yml @@ -39,19 +39,19 @@ jobs: - name: 'Run database migrations' env: RAILS_ENV: test - PGHOST: ${{ env.PGHOST }} - POSTGRES_DB: ${{ env.POSTGRES_DB }} - POSTGRES_USER: ${{ env.POSTGRES_USER }} - POSTGRES_PASSWORD: ${{ env.POSTGRES_PASSWORD }} + RAILS_DB_HOST: ${{ env.PGHOST }} + RAILS_DB_NAME: ${{ env.POSTGRES_DB }} + RAILS_DB_USERNAME: ${{ env.POSTGRES_USER }} + RAILS_DB_PASSWORD: ${{ env.POSTGRES_PASSWORD }} run: | bundle exec rake db:create db:migrate - name: 'Run tests' env: PGHOST: ${{ env.PGHOST }} - POSTGRES_DB: ${{ env.POSTGRES_DB }} - POSTGRES_USER: ${{ env.POSTGRES_USER }} - POSTGRES_PASSWORD: ${{ env.POSTGRES_PASSWORD }} + RAILS_DB_NAME: ${{ env.POSTGRES_DB }} + RAILS_DB_USERNAME: ${{ env.POSTGRES_USER }} + RAILS_DB_PASSWORD: ${{ env.POSTGRES_PASSWORD }} IS_CI: true run: bundle exec rake diff --git a/Procfile.assets b/Procfile.assets index fe2ac8ac7..7986d6dc6 100644 --- a/Procfile.assets +++ b/Procfile.assets @@ -1,2 +1,2 @@ -js: yarn build --watch +js: yarn build --watch=forever css: yarn watch:css diff --git a/README.md b/README.md index 9b3a7def9..2d931af3e 100644 --- a/README.md +++ b/README.md 
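Review bot: The added `RAILS_DB_PASSWORD=skills` and `POSTGRES_PASSWORD=skills` lines put credentials into the tracked `.env` with nothing marking them as local-only. A header comment above `RAILS_DB_NAME`, such as `# Development defaults only - never reuse these values in a deployed environment`, would make that explicit. `DISPLAY= ${DISPLAY}` appears to have a space after `=`; if that space is really in the file, the shell, the dotenv gem and Compose may each read it differently, so `DISPLAY=${DISPLAY}` is the safer spelling.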
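Review bot: The 'Run tests' step still exports `PGHOST`, while the 'Run database migrations' step was switched to `RAILS_DB_HOST`, so the two steps no longer configure the database host the same way. If `config/database.yml` (not part of this hunk) now reads `RAILS_DB_HOST`, the test step silently falls back to whatever default is configured there. Passing `RAILS_DB_HOST: ${{ env.PGHOST }}` in both steps would keep them consistent.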
@@ -38,9 +38,6 @@ You will need the following things properly installed on your computer: - [RVM (Ruby Version Manager)](https://rvm.io/) ([installation](https://rvm.io/rvm/install) requires `curl` and `gpg`) - Either [PostgreSQL](https://www.postgresql.org/) or [Docker](https://www.docker.com/) for the Database (Docker is recommended) -## Setup dockerized Application👩🏽‍💻 -We're glad you want to setup your machine for PuzzleSkills development 💃 - ## Openshift deployment To deploy the project to openshift make sure you set the following environment variables: - LOCAL=false @@ -50,6 +47,8 @@ To deploy the project to openshift make sure you set the following environment v - realm: - admin_role: (Not required) +## Setup dockerized Application👩🏽‍💻 +We're glad you want to setup your machine for PuzzleSkills development 💃 ### Windows users If you're on Windows you should be able to Download Ubuntu from Microsoft Store. Note that you need to enable Subsystem for Linux and virtual machine platform in your Windows features. 
@@ -67,33 +66,47 @@ git clone https://github.com/puzzle/skills.git && cd ~/git/skills ⚡ If your user id is not 1000 (run id -u to check), you need to export this as env variable: **export UID=$UID** before running any of the further commands. Maybe you want to add this to your bashrc. ## Start Development Containers +docker whale + +**Without Keycloak (recommended)** +Since this is the default, you don't have to do anything and can run all commands inside the root of the project. + +**With Keycloak** +To use the application with Keycloak, navigate to `config/docker/keycloak` and run all commands from this directory. +You can log in either as `user` or as `admin`. The password for both accounts is `password`. + + +### Start application To start the PuzzleSkills application, run the following commands in your shell: ```bash -docker compose build docker compose up -d ``` -⚡ This will also install all required gems and seed the database, which takes some time to complete if it's executed the first time. You can follow the progress using `docker-compose logs --follow rails` (exit with Ctrl+C). +⚡ This will also install all required gems and seed the database, which takes some time to complete if it's executed the first time. You can follow the progress using `docker logs -f rails` (exit with Ctrl+C). 
-After the startup has completed (once you see `Listening on tcp://0.0.0.0:4200` in the logs), make sure all services are up and running: +After the startup has completed (once you see `Listening on http://0.0.0.0:3000` in the logs), make sure all services are up and running: ```bash -docker-compose ps +docker ps ``` This should look something like this: ``` -Name Command State Ports -------------------------------------------------------------------------------------------------------- -skills-ember-1 skills-postgres-1 Up 0.0.0.0:4200->4200/tcp, :::4200->4200/tcp -skills-postgres-1 docker-entrypoint.s… Up 0.0.0.0:5432->5432/tcp, :::5432->5432/tcp -skills-rails-1 rails-entrypoint ra… Up 0.0.0.0:3000->3000/tcp, :::3000->3000/tcp +IMAGE COMMAND PORTS NAMES +ruby:3.2 "/bin/bash -c '\n apt…" assets +skills-dev/rails "rails-entrypoint ra…" 0.0.0.0:3000->3000/tcp, :::3000->3000/tcp rails +postgres:16 "docker-entrypoint.s…" 0.0.0.0:5432->5432/tcp, :::5432->5432/tcp postgres ``` -Access the web application by browser: http://localhost:4200 and enjoy the ride! -docker whale +Access the web application by browser: http://localhost:3000 and enjoy the ride! + +## Debugging +To interact with `pry` inside a controller, you have to attach to the container first using `docker attach rails`. +This will show you any **new** logs, and if you encounter a `pry` prompt, you can interact with it. +To detach from the container without stopping it, press `CTRL + p` then `CTRL + q`. + ## Testing diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index ed91f73f7..be8fb2dd7 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb 
@@ -7,9 +7,11 @@ class ApplicationController < ActionController::Base helper_method :find_profile_by_keycloak_user def authenticate_auth_user! - return super unless helpers.development? + return super unless helpers.devise? admin = AuthUser.find_by(email: 'admin@skills.ch') + raise 'User not found. This is highly likely due to a non-seeded database.' unless admin + request.env['warden'].set_user(admin, :scope => :auth_user) end @@ -29,10 +31,4 @@ def render_error(title_key, body_key, status = :bad_request) body: translate("devise.failure.#{body_key}") }, :status => status end - - protected - - def find_profile_by_keycloak_user - Person.find_by(name: current_auth_user&.name) - end end diff --git a/app/controllers/concerns/param_converters.rb b/app/controllers/concerns/param_converters.rb index 8325fcbb3..e9c103a0d 100644 --- a/app/controllers/concerns/param_converters.rb +++ b/app/controllers/concerns/param_converters.rb @@ -1,15 +1,25 @@ # frozen_string_literal: true module ParamConverters - private + TRUTHY_VALUES = %w(t true yes y 1).freeze + FALSEY_VALUES = %w(f false n no 0).freeze + + def true?(value) - %w[1 yes true].include?(value.to_s.downcase) + TRUTHY_VALUES.include?(value.to_s.downcase) end def false?(value) - %w[0 no false].include?(value.to_s.downcase) + FALSEY_VALUES.include?(value.to_s.downcase) + end + + def to_boolean(value) + return true if true?(value) + return false if false?(value) + + raise "Invalid value '#{value}' for boolean casting" end def nil_param?(value) diff --git a/app/helpers/auth_helper.rb b/app/helpers/auth_helper.rb index bade937ae..e98dfa99d 100644 --- a/app/helpers/auth_helper.rb +++ b/app/helpers/auth_helper.rb 
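Review bot: The guard in `authenticate_auth_user!` looks inverted: `return super unless helpers.devise?` hands off to Devise only when `devise?` is false, and otherwise signs the request in as `admin@skills.ch` via `set_user`. The `app/helpers/auth_helper.rb` hunk defines `devise?` as `AuthConfig.keycloak? || !Rails.env.test?` and documents it as true when the user should be authenticated by devise, so as written every non-test environment, production and Keycloak setups included, would receive an admin session without logging in. The removed `development?` check confined the stub to `DEVELOPMENT=true` with `RAILS_ENV=development`; I would restore that narrowness with `return super if helpers.devise?` and re-check the `!Rails.env.test?` term in `devise?`, since the two lines together decide where the stub can run. A request spec asserting that an unauthenticated request is redirected whenever `devise?` is true would pin the behaviour.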
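Review bot: Removing `private` with no replacement visible on the new side makes `true?`, `false?`, the new `to_boolean` and, as far as the hunk shows, `nil_param?` public on every controller that includes this concern, and Rails treats public controller methods as candidate actions. Keeping `private` directly below the two constants preserves the old surface. `to_boolean` raises a bare `RuntimeError` for input that will usually come from request params, which surfaces as a 500; `raise ArgumentError, "Invalid value '#{value}' for boolean casting"` lets callers rescue bad input separately from server faults. The module body continues past the end of the hunk.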
@@ -9,7 +9,12 @@ def admin? current_auth_user&.is_admin end - def development? - ENV['DEVELOPMENT'] == 'true' && ENV['RAILS_ENV'] == 'development' + def find_person_by_auth_user + Person.find_by(name: current_auth_user&.name) + end + + # This method returns true if the user should be authenticated by devise + def devise? + AuthConfig.keycloak? || !Rails.env.test? end end diff --git a/app/models/auth_user.rb b/app/models/auth_user.rb index aa1bf6a60..4d115b5ab 100644 --- a/app/models/auth_user.rb +++ b/app/models/auth_user.rb @@ -23,8 +23,11 @@ def set_admin(person, auth) end def admin?(auth) - resources = auth.extra.raw_info.resource_access[AuthConfig.client_id] - resources.roles.include? AuthConfig.admin_role + client_roles(auth).include? AuthConfig.admin_role + end + + def client_roles(auth) + auth.extra&.raw_info&.resource_access&.[](AuthConfig.client_id)&.roles || [] end end end diff --git a/app/views/layouts/application.html.haml b/app/views/layouts/application.html.haml index 35fd8c8d7..581c4cc15 100644 --- a/app/views/layouts/application.html.haml +++ b/app/views/layouts/application.html.haml 
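Review bot: `find_person_by_auth_user` links the signed-in account to a `Person` by display name alone (`Person.find_by(name: current_auth_user&.name)`), which is neither unique nor stable. Two people with the same name, or an account renamed in the identity provider, resolve to someone else's profile, and a nil `current_auth_user` turns into a lookup for `name: nil`. A leading `return unless current_auth_user` plus matching on a unique key (e-mail or the provider's subject id, if `Person` stores one, which is not visible here) would tighten it. The method also deserves a one-line comment like the one `devise?` received.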
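Review bot: `client_roles` returns `[]` for any missing link in the token, so a wrong or empty `AuthConfig.client_id` silently turns every user into a non-admin. That fails closed, which is the right direction, but nothing documents it and nothing is logged. A comment such as `# Missing claims yield no roles, so admin? is false (fail closed)` and a `Rails.logger.warn` when `resource_access` has no entry for the configured client would make a misconfiguration visible. The `&.[](AuthConfig.client_id)` step is hard to read and could be split over two locals; the enclosing class starts outside the hunk.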
@@ -20,24 +20,36 @@ %img{:src=> "/assets/logo.svg",:height=>"32"} %text.d-flex.align-items-end.ms-2.small= "5.0.0" %ul.navbar.text-gray - %li.d-flex.align-items-center.cursor-pointer.ps-2.pe-2.border-start.border-end.h-100 - %div.scale-icon-06(name="user") - %span#username - - if find_profile_by_keycloak_user.nil? - = link_to current_auth_user&.name, people_path(alert: "true") - - else - = link_to find_profile_by_keycloak_user.name, person_path(find_profile_by_keycloak_user) - - if admin? - (Admin) - %li.d-flex.align-items-center.cursor-pointer.ps-2.pe-2 - %a.d-flex.align-items-center{:href => "https://github.com/puzzle/skills/issues"} - %pzsh-icon.scale-icon-08.text-gray(name="question-circle") - %li.d-flex.align-items-center.cursor-pointer.border-start.border-end.h-100.ps-2.pe-2{"data-action": "click->skills-empty-space#goCrazy"} - - if !development? + - if Rails.env.development? + %li.d-flex.align-items-center.cursor-pointer.ps-2.pe-2.border-start.border-end.h-100 + %span#username + - if devise? + Devise + - else + Mockdata + -# Username + - if auth_user_signed_in? + %li.d-flex.align-items-center.cursor-pointer.ps-2.pe-2.border-start.border-end.h-100 + %div.scale-icon-06(name="user") + %span#username + - if find_person_by_auth_user.nil? + = link_to current_auth_user&.name, people_path(alert: "true") + - else + = link_to find_person_by_auth_user.name, person_path(find_person_by_auth_user) + - if admin? + (Admin) + -# Login/Logout + - if devise? + %li.d-flex.align-items-center.cursor-pointer.border-start.border-end.h-100.ps-2.pe-2 - if auth_user_signed_in? - =link_to "Logout", destroy_auth_user_session_path, data: { "turbo-method": :delete} + =link_to "Logout", destroy_auth_user_session_path, data: { "turbo-method": :delete}, class: "btn btn-link" - elsif devise_mapping.omniauthable? 
=button_to "Login", omniauth_authorize_path(resource_name, resource_class.omniauth_providers.first), {data: { "turbo": false }, class: "btn btn-link"} + -# Help + %li.d-flex.align-items-center.cursor-pointer.ps-2.pe-2.border-start.h-100 + %a.d-flex.align-items-center{:href => "https://github.com/puzzle/skills/issues"} + %pzsh-icon.scale-icon-08.text-gray(name="question-circle") + %li.d-flex.align-items-center.cursor-pointer.border-start.border-end.h-100.ps-2.pe-2{"data-action": "click->skills-empty-space#goCrazy"} %div.puzzle-header %div.d-flex.h-100 %ul.navbar.h-100 diff --git a/config/auth.yml b/config/auth.yml index e75234098..dc9300966 100644 --- a/config/auth.yml +++ b/config/auth.yml @@ -1,5 +1,5 @@ -client_id: pitc_skills_rails_backend +admin_role: ADMIN +host_url: +realm: +client_id: secret: -host_url: https://sso-test.puzzle.ch -realm: pitc -admin_role: ADMIN \ No newline at end of file diff --git a/config/docker/development/Ember.dockerfile b/config/docker/development/Ember.dockerfile deleted file mode 100644 index 5148d5eab..000000000 --- a/config/docker/development/Ember.dockerfile +++ /dev/null @@ -1,11 +0,0 @@ -FROM danlynn/ember-cli:3.28.2-node_14.18 - -RUN chown 1000:1000 /myapp - -COPY ember-entrypoint /usr/local/bin - -USER 1000 - -RUN yarn install -ENTRYPOINT ["ember-entrypoint"] -CMD ember serve --proxy=http://rails:3000 \ No newline at end of file diff --git a/config/docker/development/Rails.dockerfile b/config/docker/development/Rails.dockerfile index ee8a5eedf..1cdce459f 100644 --- a/config/docker/development/Rails.dockerfile +++ b/config/docker/development/Rails.dockerfile 
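Review bot: In development with a signed-in user the layout now renders two elements with the same id, because both the `Devise`/`Mockdata` badge and the username block use `%span#username`. Giving the badge its own id, for example `%span#auth-mode`, keeps selectors and feature specs that target `#username` unambiguous. Inside the username block `find_person_by_auth_user` is evaluated up to three times, each a separate `Person.find_by`; assigning it once with `- person = find_person_by_auth_user` avoids the repeated queries on every page render.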
@@ -9,12 +9,11 @@ WORKDIR /myapp COPY ./rails-entrypoint /usr/local/bin -RUN curl -sL https://deb.nodesource.com/setup_14.x | bash - +RUN curl -fsSL https://deb.nodesource.com/setup_18.x | bash - RUN apt-get update RUN apt-get install direnv -y RUN apt-get install firefox-esr -y -RUN apt-get install nodejs -y -RUN apt-get install npm -y +RUN apt-get install -y nodejs RUN npm install -g yarn RUN mkdir /opt/bundle && chmod 777 /opt/bundle diff --git a/config/docker/development/ember-entrypoint b/config/docker/development/ember-entrypoint deleted file mode 100755 index fa3e6b02d..000000000 --- a/config/docker/development/ember-entrypoint +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash - -set -e - -yarn install - -exec "$@" \ No newline at end of file diff --git a/config/docker/development/rails-entrypoint b/config/docker/development/rails-entrypoint index ba0e50bf6..391a1d8ab 100755 --- a/config/docker/development/rails-entrypoint +++ b/config/docker/development/rails-entrypoint @@ -5,7 +5,7 @@ set -e rm -f tmp/pids/server.pid echo "running bundle install" -gem install bundler -v 2.2.17 +gem install bundler -v 2.4.10 bundle install yarn install --check-files diff --git a/config/docker/keycloak/docker-compose.override.yml b/config/docker/keycloak/docker-compose.override.yml new file mode 100644 index 000000000..4306014af --- /dev/null +++ b/config/docker/keycloak/docker-compose.override.yml @@ -0,0 +1,3 @@ +services: + rails: + env_file: rails.env \ No newline at end of file diff --git a/config/docker/keycloak/docker-compose.yml b/config/docker/keycloak/docker-compose.yml index faa8dc3da..f1801c6e1 100644 --- a/config/docker/keycloak/docker-compose.yml +++ b/config/docker/keycloak/docker-compose.yml 
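Review bot: `curl -fsSL https://deb.nodesource.com/setup_18.x | bash -` runs an unpinned remote script as root at build time, so the image depends on whatever that URL serves on the day of the build. Registering the NodeSource apt repository with its signing key (a `signed-by=` keyring), or copying Node from a pinned official Node 18 image, avoids executing the script. `RUN apt-get update` in its own layer can also be served from a stale cache while later install layers are rebuilt; `RUN apt-get update && apt-get install -y direnv firefox-esr nodejs` keeps the index and the install together.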
@@ -1,45 +1,16 @@ -version: '3' +include: + - ../../../docker-compose.yml services: keycloak: container_name: keycloak - image: quay.io/keycloak/keycloak:8.0.1 + image: quay.io/keycloak/keycloak:23.0.7 env_file: keycloak.env - command: "-Djboss.socket.binding.port-offset=100 -Dkeycloak.import=/realm-export.json -Dkeycloak.migration.strategy=IGNORE_EXISTING" ports: - - 8180:8180 + - 8080:8080 + command: + - start-dev + - --import-realm + - --http-relative-path=/auth volumes: - - ${PWD}/realm-export.json:/realm-export.json - depends_on: - - postgres - postgres: - image: postgres - volumes: - - postgres_data:/var/lib/postgresql/data - env_file: keycloak.env - web: - image: puzzle/skills:latest - container_name: skills_web - ports: - - '8080:3000' - depends_on: - - db - env_file: - - skills.env - volumes: - - skills-store:/opt/app-root/src/uploads/ - db: - image: postgres:9.5.7 - container_name: skills_db - ports: - - '5432:5432' - restart: always - env_file: - - skills.env - volumes: - - skills-postgresql:/var/lib/postgresql/data - -volumes: - postgres_data: - skills-postgresql: - skills-store: + - ${PWD}/pitc-with-users.json:/opt/keycloak/data/import/realm.json \ No newline at end of file diff --git a/config/docker/keycloak/keycloak.env b/config/docker/keycloak/keycloak.env index 473eb9d25..d0b6a6a95 100644 --- a/config/docker/keycloak/keycloak.env +++ b/config/docker/keycloak/keycloak.env @@ -1,15 +1,7 @@ -#Keycloak container -DB_VENDOR=POSTGRES -DB_ADDR=postgres -DB_DATABASE=keycloak -DB_USER=keycloak -DB_SCHEMA=public -DB_PASSWORD=password -KEYCLOAK_USER=admin +KEYCLOAK_USER=user KEYCLOAK_PASSWORD=password -KEYCLOAK_LOGLEVEL=INFO -#Postgres container keyclaok -POSTGRES_DB=keycloak -POSTGRES_USER=keycloak -POSTGRES_PASSWORD=password +KEYCLOAK_ADMIN=admin +KEYCLOAK_ADMIN_PASSWORD=password + +KEYCLOAK_LOGLEVEL=INFO diff --git a/config/docker/keycloak/pitc-with-users.json b/config/docker/keycloak/pitc-with-users.json new file mode 100644 index 000000000..730f76330 
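Review bot: The `ports` entry `8080:8080` publishes Keycloak on all host interfaces while the container runs `start-dev` with the `admin` / `password` bootstrap account from `keycloak.env` and an imported realm whose user passwords are documented in the README. Binding to loopback with `- 127.0.0.1:8080:8080` keeps this development identity provider off the local network. The imported `pitc-with-users.json` (added later in this diff) also carries a client secret and `"redirectUris" : [ "*" ]` for `pitc-skills-dev`, so a comment at the top of this file saying the realm is for local development only and must not be imported elsewhere is worth adding. `${PWD}` in the volume path resolves correctly only when compose is started from `config/docker/keycloak`, as the README instructs.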
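Review bot: `KEYCLOAK_USER`, `KEYCLOAK_PASSWORD` and `KEYCLOAK_LOGLEVEL` are variables of the legacy WildFly-based image. The Quarkus-based `keycloak:23.0.7` image selected in `docker-compose.yml` bootstraps its admin from `KEYCLOAK_ADMIN` / `KEYCLOAK_ADMIN_PASSWORD` and takes the log level from `KC_LOG_LEVEL`. As written, `KEYCLOAK_USER=user` most likely has no effect and wrongly suggests that this file creates the `user` account, which appears to come from the realm import instead. Dropping the two legacy credential lines, switching to `KC_LOG_LEVEL=INFO`, and adding a `# development only` comment next to `KEYCLOAK_ADMIN_PASSWORD=password` would keep the file accurate.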
--- /dev/null +++ b/config/docker/keycloak/pitc-with-users.json 
@@ -0,0 +1,1864 @@ +{ + "id" : "d5cc747c-71c8-47c9-a85f-14d278662035", + "realm" : "pitc", + "notBefore" : 0, + "defaultSignatureAlgorithm" : "RS256", + "revokeRefreshToken" : false, + "refreshTokenMaxReuse" : 0, + "accessTokenLifespan" : 300, + "accessTokenLifespanForImplicitFlow" : 900, + "ssoSessionIdleTimeout" : 1800, + "ssoSessionMaxLifespan" : 36000, + "ssoSessionIdleTimeoutRememberMe" : 0, + "ssoSessionMaxLifespanRememberMe" : 0, + "offlineSessionIdleTimeout" : 2592000, + "offlineSessionMaxLifespanEnabled" : false, + "offlineSessionMaxLifespan" : 5184000, + "clientSessionIdleTimeout" : 0, + "clientSessionMaxLifespan" : 0, + "clientOfflineSessionIdleTimeout" : 0, + "clientOfflineSessionMaxLifespan" : 0, + "accessCodeLifespan" : 60, + "accessCodeLifespanUserAction" : 300, + "accessCodeLifespanLogin" : 1800, + "actionTokenGeneratedByAdminLifespan" : 43200, + "actionTokenGeneratedByUserLifespan" : 300, + "oauth2DeviceCodeLifespan" : 600, + "oauth2DevicePollingInterval" : 5, + "enabled" : true, + "sslRequired" : "external", + "registrationAllowed" : false, + "registrationEmailAsUsername" : false, + "rememberMe" : false, + "verifyEmail" : false, + "loginWithEmailAllowed" : true, + "duplicateEmailsAllowed" : false, + "resetPasswordAllowed" : false, + "editUsernameAllowed" : false, + "bruteForceProtected" : false, + "permanentLockout" : false, + "maxFailureWaitSeconds" : 900, + "minimumQuickLoginWaitSeconds" : 60, + "waitIncrementSeconds" : 60, + "quickLoginCheckMilliSeconds" : 1000, + "maxDeltaTimeSeconds" : 43200, + "failureFactor" : 30, + "roles" : { + "realm" : [ { + "id" : "63eb236d-69ac-403f-83d1-034a11c77c89", + "name" : "default-roles-pitc", + "description" : "${role_default-roles}", + "composite" : true, + "composites" : { + "realm" : [ "offline_access", "uma_authorization" ], + "client" : { + "account" : [ "manage-account", "view-profile" ] + } + }, + "clientRole" : false, + "containerId" : "d5cc747c-71c8-47c9-a85f-14d278662035", + "attributes" : { } + }, 
{ + "id" : "6f78004f-2af1-4dc5-b7d6-14aee5930ac5", + "name" : "offline_access", + "description" : "${role_offline-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "d5cc747c-71c8-47c9-a85f-14d278662035", + "attributes" : { } + }, { + "id" : "b56f9c32-9122-4774-afb3-07637b6b50bb", + "name" : "uma_authorization", + "description" : "${role_uma_authorization}", + "composite" : false, + "clientRole" : false, + "containerId" : "d5cc747c-71c8-47c9-a85f-14d278662035", + "attributes" : { } + } ], + "client" : { + "realm-management" : [ { + "id" : "a5883271-8f61-4a3e-8e3f-d01200c9dde8", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "cb6bf679-da67-49d6-bf53-225dd2677cdc", + "attributes" : { } + }, { + "id" : "7a320d31-af48-40d2-92e3-82bda3f37ebc", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-clients" ] + } + }, + "clientRole" : true, + "containerId" : "cb6bf679-da67-49d6-bf53-225dd2677cdc", + "attributes" : { } + }, { + "id" : "899329de-0f9a-42c6-acb0-59a3333530cf", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "cb6bf679-da67-49d6-bf53-225dd2677cdc", + "attributes" : { } + }, { + "id" : "fb403c93-7d33-4840-b37d-957e01997ae5", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "cb6bf679-da67-49d6-bf53-225dd2677cdc", + "attributes" : { } + }, { + "id" : "b85d3f87-53ce-4538-ab0d-f75396cd3361", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "cb6bf679-da67-49d6-bf53-225dd2677cdc", + "attributes" : { } + }, { + "id" : "13f74de9-8f72-4933-9a5c-df8ca4bc0dfc", + "name" : "impersonation", + 
"description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : "cb6bf679-da67-49d6-bf53-225dd2677cdc", + "attributes" : { } + }, { + "id" : "2ae778d1-6cd7-4097-93bd-560410cba3f5", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : false, + "clientRole" : true, + "containerId" : "cb6bf679-da67-49d6-bf53-225dd2677cdc", + "attributes" : { } + }, { + "id" : "df087c35-3042-4cff-ac5e-b32ed43a840d", + "name" : "create-client", + "description" : "${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : "cb6bf679-da67-49d6-bf53-225dd2677cdc", + "attributes" : { } + }, { + "id" : "2db38e81-5d05-4c57-8f06-ea4a009d2053", + "name" : "query-groups", + "description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "cb6bf679-da67-49d6-bf53-225dd2677cdc", + "attributes" : { } + }, { + "id" : "60010992-9eac-4a29-b4e7-82516a1df0a0", + "name" : "view-realm", + "description" : "${role_view-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "cb6bf679-da67-49d6-bf53-225dd2677cdc", + "attributes" : { } + }, { + "id" : "a6654cf5-c6a8-43b9-bb19-2f9f1835a902", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "cb6bf679-da67-49d6-bf53-225dd2677cdc", + "attributes" : { } + }, { + "id" : "1432fd4a-1cc3-4ef1-a887-0769932c0f62", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "cb6bf679-da67-49d6-bf53-225dd2677cdc", + "attributes" : { } + }, { + "id" : "39d5f9c0-3ff7-4100-b5fa-c02d4beba215", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-users", "query-groups" ] + } + }, + "clientRole" : true, + "containerId" : 
"cb6bf679-da67-49d6-bf53-225dd2677cdc", + "attributes" : { } + }, { + "id" : "a58e016e-cd85-4bdc-b1f8-386be18a27f7", + "name" : "manage-events", + "description" : "${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "cb6bf679-da67-49d6-bf53-225dd2677cdc", + "attributes" : { } + }, { + "id" : "6d4ce8c2-fe12-43c2-94e3-830a01b1627b", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "cb6bf679-da67-49d6-bf53-225dd2677cdc", + "attributes" : { } + }, { + "id" : "13e51875-27c7-40c9-be0c-dff5cb75fca8", + "name" : "query-clients", + "description" : "${role_query-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "cb6bf679-da67-49d6-bf53-225dd2677cdc", + "attributes" : { } + }, { + "id" : "4902a24a-9731-4715-a9d2-f9d786568702", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "cb6bf679-da67-49d6-bf53-225dd2677cdc", + "attributes" : { } + }, { + "id" : "fdcab673-5c4b-421c-827e-c5f986f5e4ea", + "name" : "realm-admin", + "description" : "${role_realm-admin}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "manage-users", "view-clients", "manage-authorization", "view-events", "view-authorization", "impersonation", "query-realms", "query-groups", "create-client", "view-realm", "view-identity-providers", "manage-identity-providers", "view-users", "manage-events", "query-users", "query-clients", "manage-clients", "manage-realm" ] + } + }, + "clientRole" : true, + "containerId" : "cb6bf679-da67-49d6-bf53-225dd2677cdc", + "attributes" : { } + }, { + "id" : "f4dd4472-f8b9-4716-928d-cf714f939740", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "cb6bf679-da67-49d6-bf53-225dd2677cdc", + "attributes" : { } + } ], + "security-admin-console" : [ ], 
+ "admin-cli" : [ ], + "pitc-skills-dev" : [ { + "id" : "797d9445-d2a8-454f-8dfc-77a5b1eab2f0", + "name" : "ADMIN", + "description" : "", + "composite" : false, + "clientRole" : true, + "containerId" : "0920fa1c-77ae-49f3-9707-4ff3fe54e8cc", + "attributes" : { } + } ], + "account-console" : [ ], + "broker" : [ { + "id" : "dce529f5-d89e-4647-8a3e-89d70a92287a", + "name" : "read-token", + "description" : "${role_read-token}", + "composite" : false, + "clientRole" : true, + "containerId" : "e13d93f2-9c32-485f-8b29-c38b23322ee8", + "attributes" : { } + } ], + "account" : [ { + "id" : "4125027c-bbdc-480a-9346-52b880c413ca", + "name" : "view-groups", + "description" : "${role_view-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "11d189aa-e46e-4072-baaf-53b4791681bb", + "attributes" : { } + }, { + "id" : "12b5c78b-1ae3-428e-b63b-16a4b9520ea4", + "name" : "view-applications", + "description" : "${role_view-applications}", + "composite" : false, + "clientRole" : true, + "containerId" : "11d189aa-e46e-4072-baaf-53b4791681bb", + "attributes" : { } + }, { + "id" : "23f863dc-1b83-42de-90d4-65e1170d89cd", + "name" : "manage-account", + "description" : "${role_manage-account}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "manage-account-links" ] + } + }, + "clientRole" : true, + "containerId" : "11d189aa-e46e-4072-baaf-53b4791681bb", + "attributes" : { } + }, { + "id" : "40da1288-8dda-4ff9-ba9d-4be5a2ac019d", + "name" : "manage-consent", + "description" : "${role_manage-consent}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "view-consent" ] + } + }, + "clientRole" : true, + "containerId" : "11d189aa-e46e-4072-baaf-53b4791681bb", + "attributes" : { } + }, { + "id" : "cb3af712-1f53-41af-81ae-952f8307c94f", + "name" : "view-profile", + "description" : "${role_view-profile}", + "composite" : false, + "clientRole" : true, + "containerId" : "11d189aa-e46e-4072-baaf-53b4791681bb", + "attributes" : { } + }, 
{ + "id" : "fc4543b8-d2b5-4f67-b67b-f6a089c3083b", + "name" : "manage-account-links", + "description" : "${role_manage-account-links}", + "composite" : false, + "clientRole" : true, + "containerId" : "11d189aa-e46e-4072-baaf-53b4791681bb", + "attributes" : { } + }, { + "id" : "fe959574-fb26-4185-8478-358648ae6afd", + "name" : "view-consent", + "description" : "${role_view-consent}", + "composite" : false, + "clientRole" : true, + "containerId" : "11d189aa-e46e-4072-baaf-53b4791681bb", + "attributes" : { } + }, { + "id" : "f179d0db-20da-44aa-ad4a-24dc6b618676", + "name" : "delete-account", + "description" : "${role_delete-account}", + "composite" : false, + "clientRole" : true, + "containerId" : "11d189aa-e46e-4072-baaf-53b4791681bb", + "attributes" : { } + } ] + } + }, + "groups" : [ ], + "defaultRole" : { + "id" : "63eb236d-69ac-403f-83d1-034a11c77c89", + "name" : "default-roles-pitc", + "description" : "${role_default-roles}", + "composite" : true, + "clientRole" : false, + "containerId" : "d5cc747c-71c8-47c9-a85f-14d278662035" + }, + "requiredCredentials" : [ "password" ], + "otpPolicyType" : "totp", + "otpPolicyAlgorithm" : "HmacSHA1", + "otpPolicyInitialCounter" : 0, + "otpPolicyDigits" : 6, + "otpPolicyLookAheadWindow" : 1, + "otpPolicyPeriod" : 30, + "otpPolicyCodeReusable" : false, + "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName", "totpAppMicrosoftAuthenticatorName" ], + "localizationTexts" : { }, + "webAuthnPolicyRpEntityName" : "keycloak", + "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyRpId" : "", + "webAuthnPolicyAttestationConveyancePreference" : "not specified", + "webAuthnPolicyAuthenticatorAttachment" : "not specified", + "webAuthnPolicyRequireResidentKey" : "not specified", + "webAuthnPolicyUserVerificationRequirement" : "not specified", + "webAuthnPolicyCreateTimeout" : 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyAcceptableAaguids" : [ ], + 
"webAuthnPolicyExtraOrigins" : [ ], + "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyPasswordlessRpId" : "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", + "webAuthnPolicyPasswordlessCreateTimeout" : 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], + "webAuthnPolicyPasswordlessExtraOrigins" : [ ], + "users" : [ { + "id" : "c11e532c-0034-42ec-9dd0-d4f13a2f1b31", + "createdTimestamp" : 1714738279550, + "username" : "admin", + "enabled" : true, + "totp" : false, + "emailVerified" : true, + "firstName" : "Andreas", + "lastName" : "Admin", + "email" : "admin@skills.ch", + "credentials" : [ { + "id" : "6261445b-78fe-4b3e-9112-e94f27589b1b", + "type" : "password", + "userLabel" : "My password", + "createdDate" : 1714738292171, + "secretData" : "{\"value\":\"n6JLYxhXXLYGAMe5Owa0CIN2XvXOA8t/JW+Tht3865w=\",\"salt\":\"vKaCZVT6FN5pBhPdx3Gu+A==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-pitc" ], + "clientRoles" : { + "pitc-skills-dev" : [ "ADMIN" ] + }, + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "1de0be91-32de-4c21-949d-92d2ca9bcda4", + "createdTimestamp" : 1714738232534, + "username" : "user", + "enabled" : true, + "totp" : false, + "emailVerified" : true, + "firstName" : "Ursula", + "lastName" : "User", + "email" : "user@skills.ch", + "credentials" : [ { + "id" : "f8e09d98-5a87-4d68-853f-156b7674cdaa", + "type" : "password", + "userLabel" : "My 
password", + "createdDate" : 1714738253053, + "secretData" : "{\"value\":\"Q6CSlKt7GxQ6wB1SCDRUr281cE8WfFH6jvZLiQhFFH0=\",\"salt\":\"+cmuVI93Y+AN5Hu7MTLa2w==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-pitc" ], + "notBefore" : 0, + "groups" : [ ] + } ], + "scopeMappings" : [ { + "clientScope" : "offline_access", + "roles" : [ "offline_access" ] + } ], + "clientScopeMappings" : { + "account" : [ { + "client" : "account-console", + "roles" : [ "manage-account", "view-groups" ] + } ] + }, + "clients" : [ { + "id" : "11d189aa-e46e-4072-baaf-53b4791681bb", + "clientId" : "account", + "name" : "${client_account}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/pitc/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/pitc/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "239fff98-bed7-4647-9687-e2d963875955", + "clientId" : "account-console", + "name" : "${client_account-console}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/pitc/account/", + "surrogateAuthRequired" : false, + "enabled" : true, 
+ "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/pitc/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "74414c15-3c90-418a-a8f3-ba74cfd55445", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "95f7db1d-1793-4cde-b77e-d48a39d429da", + "clientId" : "admin-cli", + "name" : "${client_admin-cli}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : false, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", 
"offline_access", "microprofile-jwt" ] + }, { + "id" : "e13d93f2-9c32-485f-8b29-c38b23322ee8", + "clientId" : "broker", + "name" : "${client_broker}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "0920fa1c-77ae-49f3-9707-4ff3fe54e8cc", + "clientId" : "pitc-skills-dev", + "name" : "Puzzle skills development", + "description" : "", + "rootUrl" : "", + "adminUrl" : "", + "baseUrl" : "", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "Hr3e9BSzyfRSkUksFkgLgFgIhK91aFPk", + "redirectUris" : [ "*" ], + "webOrigins" : [ "*" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : true, + "protocol" : "openid-connect", + "attributes" : { + "oidc.ciba.grant.enabled" : "false", + "client.secret.creation.time" : "1714738199", + "backchannel.logout.session.required" : "true", + "post.logout.redirect.uris" : "*", + "oauth2.device.authorization.grant.enabled" : "false", + 
"backchannel.logout.revoke.offline.tokens" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "cb6bf679-da67-49d6-bf53-225dd2677cdc", + "clientId" : "realm-management", + "name" : "${client_realm-management}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "017461fd-219d-47f4-88fa-0941aba25858", + "clientId" : "security-admin-console", + "name" : "${client_security-admin-console}", + "rootUrl" : "${authAdminUrl}", + "baseUrl" : "/admin/pitc/console/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/admin/pitc/console/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + 
"protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "f5f012dc-141d-4fec-9557-ac6c77966610", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + } ], + "clientScopes" : [ { + "id" : "00bc161c-5971-471c-9505-e5d14bd8201c", + "name" : "email", + "description" : "OpenID Connect built-in scope: email", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${emailScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "d5eed70c-b019-46ff-8484-18970206fb69", + "name" : "email", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String" + } + }, { + "id" : "97352435-dead-4812-92b3-1e5af0b6d88e", + "name" : "email verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : 
"emailVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email_verified", + "jsonType.label" : "boolean" + } + } ] + }, { + "id" : "1cb40e6c-0464-4d01-8b7e-44606140ea94", + "name" : "acr", + "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "745dee0f-580a-45c2-80f4-bf9fdfa59001", + "name" : "acr loa level", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-acr-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "introspection.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + } ] + }, { + "id" : "52e51ac9-2acb-491b-80f9-d95563f848ee", + "name" : "role_list", + "description" : "SAML role list", + "protocol" : "saml", + "attributes" : { + "consent.screen.text" : "${samlRoleListScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "435a1b1f-53a5-4181-b25a-64479256fb12", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + } ] + }, { + "id" : "ebb16496-e276-4f0b-8649-fdcbe7b2a9e4", + "name" : "roles", + "description" : "OpenID Connect scope for add user roles to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${rolesScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "0f61a488-c9a5-4e5a-a4a0-900ac9a2abbe", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { + 
"introspection.token.claim" : "true", + "access.token.claim" : "true" + } + }, { + "id" : "94c75b89-6046-431e-83d5-4c153319756d", + "name" : "client roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-client-role-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "multivalued" : "true", + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "resource_access.${client_id}.roles", + "jsonType.label" : "String" + } + }, { + "id" : "eafd1317-fcc0-4778-8c74-4aca4e846e1a", + "name" : "realm roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "multivalued" : "true", + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "realm_access.roles", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "c2c3b9f9-c962-412e-a370-f13964a046cd", + "name" : "address", + "description" : "OpenID Connect built-in scope: address", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${addressScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "364b519a-a9e1-4e28-8127-0fd5dc6b983e", + "name" : "address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-address-mapper", + "consentRequired" : false, + "config" : { + "user.attribute.formatted" : "formatted", + "user.attribute.country" : "country", + "introspection.token.claim" : "true", + "user.attribute.postal_code" : "postal_code", + "userinfo.token.claim" : "true", + "user.attribute.street" : "street", + "id.token.claim" : "true", + "user.attribute.region" : "region", + "access.token.claim" : "true", + "user.attribute.locality" : "locality" + } + } ] + }, { + "id" : "ff97b6c1-63bc-4587-b160-4f1132666ca5", + "name" : "profile", + "description" : "OpenID Connect built-in scope: 
profile", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${profileScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "5d31209c-9264-4188-a7bc-14170850deac", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "introspection.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : "26ef77f2-48ef-4670-a983-75da3b1819e5", + "name" : "gender", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "gender", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "gender", + "jsonType.label" : "String" + } + }, { + "id" : "608a4cbc-07a5-4cd6-bf63-011e805987b3", + "name" : "picture", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "picture", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "picture", + "jsonType.label" : "String" + } + }, { + "id" : "f36a112b-3965-4faa-ad4a-c4d15e691b06", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String" + } + }, { + "id" : "afadbf90-60d6-4b56-8320-ee0592bfc09a", + "name" : "website", + "protocol" : 
"openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "website", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "website", + "jsonType.label" : "String" + } + }, { + "id" : "94e3c6f3-2049-4fc3-9bd7-ced90893a32d", + "name" : "updated at", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "updatedAt", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "updated_at", + "jsonType.label" : "long" + } + }, { + "id" : "4a924c75-17c0-4258-90a2-a4bf7799e20c", + "name" : "birthdate", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "birthdate", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "birthdate", + "jsonType.label" : "String" + } + }, { + "id" : "e6e1dd80-9d52-418f-ac38-397a4776556a", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + }, { + "id" : "816ad673-e3e2-40d3-ae45-11c795a75ebd", + "name" : "zoneinfo", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + 
"user.attribute" : "zoneinfo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "zoneinfo", + "jsonType.label" : "String" + } + }, { + "id" : "f17edcfd-3d85-416a-9314-5a5023ef4edc", + "name" : "middle name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "middleName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "middle_name", + "jsonType.label" : "String" + } + }, { + "id" : "0ed089bf-53e4-4dde-9ca0-231699039e53", + "name" : "nickname", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "nickname", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "nickname", + "jsonType.label" : "String" + } + }, { + "id" : "5de00eb2-a818-407c-a339-d97fe01797ea", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + }, { + "id" : "3608ed99-d482-4999-9e5f-dfc1f809bd67", + "name" : "profile", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "profile", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "profile", + "jsonType.label" : "String" + } + }, { + "id" : 
"d173c04e-9b47-40f6-a5ac-66e1c2351905", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "86b7e43b-366d-4c5b-9c66-97998892b579", + "name" : "phone", + "description" : "OpenID Connect built-in scope: phone", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${phoneScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "d7aad674-172f-4974-a461-da3848840d5b", + "name" : "phone number verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumberVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number_verified", + "jsonType.label" : "boolean" + } + }, { + "id" : "74ae7feb-9bf5-49e7-8312-a8b383314b40", + "name" : "phone number", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumber", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "e50dc9eb-023d-4339-8081-a25b6df243a6", + "name" : "offline_access", + "description" : "OpenID Connect built-in scope: offline_access", + "protocol" : "openid-connect", + "attributes" : { + "consent.screen.text" : "${offlineAccessScopeConsentText}", + 
"display.on.consent.screen" : "true" + } + }, { + "id" : "78b061da-ffe6-433a-a35d-cf6563c76caa", + "name" : "microprofile-jwt", + "description" : "Microprofile - JWT built-in scope", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "8a9d8ddc-c36e-4152-af5c-008b3efc0537", + "name" : "groups", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "multivalued" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "foo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "groups", + "jsonType.label" : "String" + } + }, { + "id" : "0dfcaa84-c4f1-4d17-8ec1-73dded167877", + "name" : "upn", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "upn", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "819eeb51-2205-4911-b5da-2284607b07cb", + "name" : "web-origins", + "description" : "OpenID Connect scope for add allowed web origins to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false", + "consent.screen.text" : "" + }, + "protocolMappers" : [ { + "id" : "38d75bb6-6eb6-40a1-a42d-e2fc8a4251af", + "name" : "allowed web origins", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-allowed-origins-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "access.token.claim" : "true" + } + } ] + } ], + "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins", 
"acr" ], + "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ], + "browserSecurityHeaders" : { + "contentSecurityPolicyReportOnly" : "", + "xContentTypeOptions" : "nosniff", + "referrerPolicy" : "no-referrer", + "xRobotsTag" : "none", + "xFrameOptions" : "SAMEORIGIN", + "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection" : "1; mode=block", + "strictTransportSecurity" : "max-age=31536000; includeSubDomains" + }, + "smtpServer" : { }, + "eventsEnabled" : false, + "eventsListeners" : [ "jboss-logging" ], + "enabledEventTypes" : [ ], + "adminEventsEnabled" : false, + "adminEventsDetailsEnabled" : false, + "identityProviders" : [ ], + "identityProviderMappers" : [ ], + "components" : { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { + "id" : "d1745222-7f3c-4749-94e8-179c7cbc3a5f", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-sha256-pairwise-sub-mapper", "saml-user-property-mapper", "saml-user-attribute-mapper", "oidc-full-name-mapper", "saml-role-list-mapper", "oidc-usermodel-attribute-mapper", "oidc-address-mapper", "oidc-usermodel-property-mapper" ] + } + }, { + "id" : "5c132b7b-fe2a-43f5-a7b3-9ada98c441b6", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "2944551e-5f04-47ba-9fad-2033ed5f2ce1", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "b65795ea-2666-4a48-925b-8f46c73df91b", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "authenticated", + "subComponents" : { }, + "config" : 
{ + "allowed-protocol-mapper-types" : [ "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-attribute-mapper", "oidc-full-name-mapper", "saml-role-list-mapper", "oidc-address-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-usermodel-property-mapper" ] + } + }, { + "id" : "94ecd317-4ba6-44e0-a484-12430a693547", + "name" : "Max Clients Limit", + "providerId" : "max-clients", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "max-clients" : [ "200" ] + } + }, { + "id" : "cf115cf7-1aed-4263-82a8-a495386f7a13", + "name" : "Consent Required", + "providerId" : "consent-required", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "8ddc31d0-136f-47b5-b039-f6a797cb8d75", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + }, { + "id" : "96a6d503-3388-4ebb-ae54-7edb9abcc436", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + } ], + "org.keycloak.keys.KeyProvider" : [ { + "id" : "ddb56ea4-0ac9-4572-9cac-43eb335611a8", + "name" : "rsa-enc-generated", + "providerId" : "rsa-enc-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "certificate" : [ "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" ], + "priority" : [ "100" ], + "algorithm" : [ "RSA-OAEP" ] + } + }, { + "id" : "7db8ad8b-fc9a-4e74-8b0b-0de79daaf1d6", + "name" : "hmac-generated", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "63d3e6c8-5ed7-47ca-98f7-8a0c363427c1" ], + "secret" : [ "lA3bF6nsLpXhQs2wbyaTT58lKj4C2kRuTiISmUa3bzTgr9dryTZZKG8n4uGny7PEfKeNW71rDIUWtjK1zI-pfg" ], + "priority" : [ 
"100" ], + "algorithm" : [ "HS256" ] + } + }, { + "id" : "c908b401-3355-462e-b1f2-fecd41370f56", + "name" : "rsa-generated", + "providerId" : "rsa-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "MIIEogIBAAKCAQEAjZcGVo+lhERqW/tnQtZ9p4QRtNqmrZGZsuUyIcdK/xjmlhFenjuoAIu704+y5CNOUbjoagA4KzS0gg20yBRQPkt1m7zUx/ggKr8DAtNiCYF2fPWRoi/fVK+uo8l92QHv0yVaWsv3TC3kd9Cgq+BjeH455EwhAO6lVf/fEYbi8bOpPigne5mYuo1z6YaFms1zjryoFbAjtjO1AEJWIc3+j7xASJWQt1XdesLjmyWnVyn3gHjc1G7IYVKaBAQSU9aQrFkoF6W9VDT3/FesBKxW1/Cdw5/WaL+DHOIg/ZQ75in9DidXidpg8LlvkHNxDUgAmctGPP/g/9zCrFfMYZB4nQIDAQABAoIBACzHFFQPvbKkyFYqna9/keGGXOsrMwc1QrxWy5HvKwKd516SQ7AbAbiaeF4h1dtcZwplReswApN3aZavqvqTogTxbFJCV7CeAd5C5jrgiuKitMw0BUibhy+LF9nogQo+GJBYAckxNBY9dUGHEykIH60djkVq5g0ba+JUt0EdvWvegy4JEoWsckjwBFNoisGOcRTDQnV99RrkE87szhsMpYFOsMPeIBflpiLjGF25dOmZaaBlrJsWzJRqtz8Qtp1pmAW6g0+FfKOMUKpuLG6DKGOGEdez64XSXnALcGpUbfJ4kE8W4QS+qrvpCDgFqhDTVitLdIuXRFW4zz43RVYqJukCgYEAxJLeW4GPrXI6X2KljGTleVKywL7+yBhMac06xYpjRFoXjyC6VMI0txVM9SC1y1Vt7y1Coscgl/VCE9KJQSyM5T4txKc8ED0nscJ9kb+jTArEukMxIBj5w+G0Si32jVSSGBRCXF5///a0gvX/LTcVZOP6eBL5f3fMl0rjf2ooFisCgYEAuGThfiCjU6+nkxBqeEhxish/TaAnuoQsO2B52qdXWmksBADpvEpu3bZyjnJPz7dZU+teLyxQvNhfVPAKkb0V+QHKJL3lqO1XSF2voIYCjw3pvbuy1CGzwoL34aiZWvyHCYQ+KJpykdt21FTqeBP86m6G0i2I/PPHrZqJhrrK0FcCgYBtDy7ehds4148bLJe8dJ372a3i0hR430JF0N8yibzZR0Ka3gWC0Nx+VwsDVMqHrTX45Jt7xA6JQEEQzlXoGtdwuDacTEw+li9XqBgSrMfkgHT1AiJXNIQd8TMdlLKdZrZHNbY7mRJa6Hzty51vcIgmGXX0+FIELmsL5TiikDr9UQKBgAJsKN48VYj67Mus0olEAmHdYnbFnOABbodVLCSoQCiK6y4eSPPVUoGNLRIcBFppQT4uAG3EOkdQ3GfEQ49ImapM0LgM2qCOhbAIsw7707rHZwO8HIxW6QKsL8+CJImiea+xUhO8e7bY2EXP28i6En+N9i16tasFFOF9/0KK37E/AoGAHMIBcu0BJUBI3pjEDh+Oeiebqj+LPN9DZ8x0JV+tAcq232dPnQEzPrGMIIpPa6+lFr2s2kJz9F8Rrv5QPH60uC3DpyR91DdF2sVPVNEFScfGtfyEvAOwDl4Nh4aWn6afu0F/VIBVHWnKF9287M8G7glaqaZ/vyMViB0ncQSux4g=" ], + "certificate" : [ 
"MIIClzCCAX8CBgGPPlv/nzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARwaXRjMB4XDTI0MDUwMzEyMDc0N1oXDTM0MDUwMzEyMDkyN1owDzENMAsGA1UEAwwEcGl0YzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI2XBlaPpYREalv7Z0LWfaeEEbTapq2RmbLlMiHHSv8Y5pYRXp47qACLu9OPsuQjTlG46GoAOCs0tIINtMgUUD5LdZu81Mf4ICq/AwLTYgmBdnz1kaIv31SvrqPJfdkB79MlWlrL90wt5HfQoKvgY3h+OeRMIQDupVX/3xGG4vGzqT4oJ3uZmLqNc+mGhZrNc468qBWwI7YztQBCViHN/o+8QEiVkLdV3XrC45slp1cp94B43NRuyGFSmgQEElPWkKxZKBelvVQ09/xXrASsVtfwncOf1mi/gxziIP2UO+Yp/Q4nV4naYPC5b5BzcQ1IAJnLRjz/4P/cwqxXzGGQeJ0CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAgVRRxN5mr3JqEPamWOrscqSePTPxW4mykZFNuAiqAtgWIR56X81rD9r/+jMj3CLeMpk2IOsM91zNrEP7ZQ47lAJIfoam09BWd081iLvp8wgWqy1s0QHAIqJJJ8dvK5u0UgYV3jYwPTb6hgxhpVdKmOrEZzZgO5HsG/Y8cbmn+9AUZT+2P4OHo9t6qx7IY4g7phCT9bHF6ug7nai6lWqILQguiVi7q0fMDOPinY3zwMiKkVgEqngRH3DiW3esg4qzR/kKRW1S/NdOdh/mELaHWMiga+Cq8g/Bh1jO5Va/5a/XplQcKEygOnScuUMj+ukyeApqMtyZfnGAjEwICzFCyw==" ], + "priority" : [ "100" ] + } + }, { + "id" : "b49c521b-b67f-4ae2-be3a-2be720256389", + "name" : "aes-generated", + "providerId" : "aes-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "fed5c3e6-a67c-4822-9c54-ba788f4318d7" ], + "secret" : [ "ZkbGE7UzgZyp3y96lKcclA" ], + "priority" : [ "100" ] + } + } ] + }, + "internationalizationEnabled" : false, + "supportedLocales" : [ ], + "authenticationFlows" : [ { + "id" : "bf07988e-a0d0-48ce-824e-a4342a449625", + "alias" : "Account verification options", + "description" : "Method with which to verity the existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-email-verification", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Verify Existing Account by Re-authentication", + "userSetupAllowed" : false + } ] + 
}, { + "id" : "4d31f2f3-95c1-4289-959d-7c668700fc5c", + "alias" : "Browser - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "17fbd598-1efd-4d00-bd1d-e89c12011b8e", + "alias" : "Direct Grant - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "9b6f35e6-3336-4ead-ba8a-5d682f333bb2", + "alias" : "First broker login - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + 
"userSetupAllowed" : false + } ] + }, { + "id" : "250b1c59-bdda-4e71-9f3f-692c9b4314ea", + "alias" : "Handle Existing Account", + "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-confirm-link", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Account verification options", + "userSetupAllowed" : false + } ] + }, { + "id" : "dcba69cf-a9b6-411c-89cf-3841d192ffa2", + "alias" : "Reset - Conditional OTP", + "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "c17b3317-9eaa-45de-93ab-9dad5d522278", + "alias" : "User creation or linking", + "description" : "Flow for the existing/non-existing user alternatives", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "create unique user config", + "authenticator" : "idp-create-user-if-unique", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : 
"ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Handle Existing Account", + "userSetupAllowed" : false + } ] + }, { + "id" : "9dee55a6-e505-4992-b566-eb0581a56dc2", + "alias" : "Verify Existing Account by Re-authentication", + "description" : "Reauthentication of existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "First broker login - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "3254544a-6c46-4462-8e06-d54ca8e893fa", + "alias" : "browser", + "description" : "browser based authentication", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-cookie", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "identity-provider-redirector", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 25, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "forms", + "userSetupAllowed" : false + } ] + }, { + "id" : "4f98fc0d-4100-4efd-b6e5-4d92f3368a81", + "alias" : "clients", + "description" : "Base authentication for clients", + "providerId" : "client-flow", + "topLevel" : true, + "builtIn" : true, 
+ "authenticationExecutions" : [ { + "authenticator" : "client-secret", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-secret-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-x509", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 40, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "cff0b41d-b6d7-4119-97c3-795483e5ee2a", + "alias" : "direct grant", + "description" : "OpenID Connect Resource Owner Grant", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "direct-grant-validate-username", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "Direct Grant - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "86d55e5e-758f-4653-93e5-fbc450a0c5b4", + "alias" : "docker auth", + "description" : "Used by Docker clients to authenticate against the IDP", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "docker-http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : 
"REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "6c353115-77da-4bed-93a0-351fceb5e9ad", + "alias" : "first broker login", + "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "review profile config", + "authenticator" : "idp-review-profile", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "User creation or linking", + "userSetupAllowed" : false + } ] + }, { + "id" : "039ec034-bbc9-43bb-a9f8-74a9feb9b200", + "alias" : "forms", + "description" : "Username, password, otp and other auth forms.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Browser - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "d2045513-484d-4ecc-aae2-1cacdc7d62fd", + "alias" : "registration", + "description" : "registration flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-page-form", + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : true, + "flowAlias" : "registration form", + "userSetupAllowed" : false + } ] + }, { + "id" : 
"12161f52-a28d-4323-bb31-691d6779af28", + "alias" : "registration form", + "description" : "registration form", + "providerId" : "form-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-user-creation", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-password-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 50, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-recaptcha-action", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 60, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "fe643442-66ab-4d95-badf-e781452d9683", + "alias" : "reset credentials", + "description" : "Reset credentials for a user if they forgot their password or something", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "reset-credentials-choose-user", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-credential-email", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 40, + "autheticatorFlow" : true, + "flowAlias" : "Reset - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "78b69075-02c0-4e4c-a220-ad9a69dc7479", + "alias" : "saml ecp", + "description" : "SAML ECP Profile Authentication 
Flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + } ], + "authenticatorConfig" : [ { + "id" : "44d25b27-ba8e-4d43-a3c3-e519db34befb", + "alias" : "create unique user config", + "config" : { + "require.password.update.after.registration" : "false" + } + }, { + "id" : "1ec4670e-40ea-4dff-8940-b04163df5a21", + "alias" : "review profile config", + "config" : { + "update.profile.on.first.login" : "missing" + } + } ], + "requiredActions" : [ { + "alias" : "CONFIGURE_TOTP", + "name" : "Configure OTP", + "providerId" : "CONFIGURE_TOTP", + "enabled" : true, + "defaultAction" : false, + "priority" : 10, + "config" : { } + }, { + "alias" : "TERMS_AND_CONDITIONS", + "name" : "Terms and Conditions", + "providerId" : "TERMS_AND_CONDITIONS", + "enabled" : false, + "defaultAction" : false, + "priority" : 20, + "config" : { } + }, { + "alias" : "UPDATE_PASSWORD", + "name" : "Update Password", + "providerId" : "UPDATE_PASSWORD", + "enabled" : true, + "defaultAction" : false, + "priority" : 30, + "config" : { } + }, { + "alias" : "UPDATE_PROFILE", + "name" : "Update Profile", + "providerId" : "UPDATE_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 40, + "config" : { } + }, { + "alias" : "VERIFY_EMAIL", + "name" : "Verify Email", + "providerId" : "VERIFY_EMAIL", + "enabled" : true, + "defaultAction" : false, + "priority" : 50, + "config" : { } + }, { + "alias" : "delete_account", + "name" : "Delete Account", + "providerId" : "delete_account", + "enabled" : false, + "defaultAction" : false, + "priority" : 60, + "config" : { } + }, { + "alias" : "webauthn-register", + "name" : "Webauthn Register", + "providerId" : "webauthn-register", + "enabled" : true, + "defaultAction" : false, + "priority" : 70, + 
"config" : { } + }, { + "alias" : "webauthn-register-passwordless", + "name" : "Webauthn Register Passwordless", + "providerId" : "webauthn-register-passwordless", + "enabled" : true, + "defaultAction" : false, + "priority" : 80, + "config" : { } + }, { + "alias" : "update_user_locale", + "name" : "Update User Locale", + "providerId" : "update_user_locale", + "enabled" : true, + "defaultAction" : false, + "priority" : 1000, + "config" : { } + } ], + "browserFlow" : "browser", + "registrationFlow" : "registration", + "directGrantFlow" : "direct grant", + "resetCredentialsFlow" : "reset credentials", + "clientAuthenticationFlow" : "clients", + "dockerAuthenticationFlow" : "docker auth", + "attributes" : { + "cibaBackchannelTokenDeliveryMode" : "poll", + "cibaExpiresIn" : "120", + "cibaAuthRequestedUserHint" : "login_hint", + "oauth2DeviceCodeLifespan" : "600", + "clientOfflineSessionMaxLifespan" : "0", + "oauth2DevicePollingInterval" : "5", + "clientSessionIdleTimeout" : "0", + "parRequestUriLifespan" : "60", + "clientSessionMaxLifespan" : "0", + "clientOfflineSessionIdleTimeout" : "0", + "cibaInterval" : "5", + "realmReusableOtpCode" : "false" + }, + "keycloakVersion" : "23.0.7", + "userManagedAccessAllowed" : false, + "clientProfiles" : { + "profiles" : [ ] + }, + "clientPolicies" : { + "policies" : [ ] + } +} \ No newline at end of file diff --git a/config/docker/keycloak/rails.env b/config/docker/keycloak/rails.env new file mode 100644 index 000000000..ca53ff47d --- /dev/null +++ b/config/docker/keycloak/rails.env @@ -0,0 +1,9 @@ +KEYCLOAK=true +LOCAL=false + +ADMIN_ROLE=ADMIN +REALM=pitc + +HOST_URL=http://keycloak:8080 +CLIENT_ID=pitc-skills-dev +SECRET=Hr3e9BSzyfRSkUksFkgLgFgIhK91aFPk diff --git a/config/docker/keycloak/realm-export.json b/config/docker/keycloak/realm-export.json deleted file mode 100644 index 83dd90c78..000000000 --- a/config/docker/keycloak/realm-export.json +++ /dev/null 
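Review bot: The `SECRET=` line in the new `config/docker/keycloak/rails.env` commits the client secret for `pitc-skills-dev` in plaintext, and nothing in the file marks it as a throwaway development value. Anyone who can read the repository or its history can authenticate as that client against any realm that imports the same client definition. The value presumably matches the realm import added in this commit, which cannot be confirmed from this hunk, so treat it as public and never reuse it for a shared or production realm. I would add a header comment such as `# Local docker-compose only: this client secret is public, generate a new one for every other environment`, and keep real values in an untracked env file or the deployment's secret store. `HOST_URL=http://keycloak:8080` is plain HTTP, which is acceptable only while it resolves inside the container network; a deployed instance needs an https URL.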
@@ -1,1886 +0,0 @@ -{ - "id": "skills", - "realm": "skills", - "notBefore": 0, - "revokeRefreshToken": false, - "refreshTokenMaxReuse": 0, - "accessTokenLifespan": 300, - "accessTokenLifespanForImplicitFlow": 900, - "ssoSessionIdleTimeout": 1800, - "ssoSessionMaxLifespan": 36000, - "ssoSessionIdleTimeoutRememberMe": 0, - "ssoSessionMaxLifespanRememberMe": 0, - "offlineSessionIdleTimeout": 2592000, - "offlineSessionMaxLifespanEnabled": false, - "offlineSessionMaxLifespan": 5184000, - "accessCodeLifespan": 60, - "accessCodeLifespanUserAction": 300, - "accessCodeLifespanLogin": 1800, - "actionTokenGeneratedByAdminLifespan": 43200, - "actionTokenGeneratedByUserLifespan": 300, - "enabled": true, - "sslRequired": "none", - "registrationAllowed": false, - "registrationEmailAsUsername": false, - "rememberMe": false, - "verifyEmail": false, - "loginWithEmailAllowed": true, - "duplicateEmailsAllowed": false, - "resetPasswordAllowed": false, - "editUsernameAllowed": false, - "bruteForceProtected": false, - "permanentLockout": false, - "maxFailureWaitSeconds": 900, - "minimumQuickLoginWaitSeconds": 60, - "waitIncrementSeconds": 60, - "quickLoginCheckMilliSeconds": 1000, - "maxDeltaTimeSeconds": 43200, - "failureFactor": 30, - "roles": { - "realm": [ - { - "id": "0d4b57fd-f18f-42a3-a817-12cf39246a3a", - "name": "offline_access", - "description": "${role_offline-access}", - "composite": false, - "clientRole": false, - "containerId": "skills", - "attributes": {} - }, - { - "id": "a0224536-96e4-40b6-84a0-93046816bfd7", - "name": "uma_authorization", - "description": "${role_uma_authorization}", - "composite": false, - "clientRole": false, - "containerId": "skills", - "attributes": {} - } - ], - "client": { - "realm-management": [ - { - "id": "360a3b33-bac6-4daf-b0e7-cb78f2a7a5a7", - "name": "realm-admin", - "description": "${role_realm-admin}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "view-authorization", - "manage-events", - "query-realms", 
- "query-groups", - "view-identity-providers", - "query-users", - "create-client", - "view-events", - "view-clients", - "manage-identity-providers", - "manage-realm", - "manage-clients", - "manage-users", - "impersonation", - "view-users", - "manage-authorization", - "view-realm", - "query-clients" - ] - } - }, - "clientRole": true, - "containerId": "27c9b8af-be46-4d7c-8bed-8bbef23a120c", - "attributes": {} - }, - { - "id": "182cb65f-a3c2-44c1-8a73-86edd8909085", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "27c9b8af-be46-4d7c-8bed-8bbef23a120c", - "attributes": {} - }, - { - "id": "49c5d048-bf00-4fbb-af89-02965dc28dfc", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "27c9b8af-be46-4d7c-8bed-8bbef23a120c", - "attributes": {} - }, - { - "id": "2f80b7af-3d99-4211-8bbc-064ec7d9cd1f", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "27c9b8af-be46-4d7c-8bed-8bbef23a120c", - "attributes": {} - }, - { - "id": "d34ea08f-2c69-4654-b93e-4b1d96c588e2", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "27c9b8af-be46-4d7c-8bed-8bbef23a120c", - "attributes": {} - }, - { - "id": "b0ccbe2a-b884-47c9-8042-dd2166425889", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "27c9b8af-be46-4d7c-8bed-8bbef23a120c", - "attributes": {} - }, - { - "id": "025a0667-df96-412b-b02d-7e54d376f0f4", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "27c9b8af-be46-4d7c-8bed-8bbef23a120c", - "attributes": {} - }, - { - "id": "c05fe11f-41e2-4823-ae54-d97514abef7f", - "name": "create-client", - 
"description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "27c9b8af-be46-4d7c-8bed-8bbef23a120c", - "attributes": {} - }, - { - "id": "cc7c2814-8f3d-421b-9a9f-fa01e99be8e4", - "name": "view-events", - "description": "${role_view-events}", - "composite": false, - "clientRole": true, - "containerId": "27c9b8af-be46-4d7c-8bed-8bbef23a120c", - "attributes": {} - }, - { - "id": "cc4b0e26-0477-418b-a6f0-b7b24c1e232b", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-clients" - ] - } - }, - "clientRole": true, - "containerId": "27c9b8af-be46-4d7c-8bed-8bbef23a120c", - "attributes": {} - }, - { - "id": "cbb829e7-ad2f-4ea3-80a4-36d802abd028", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "27c9b8af-be46-4d7c-8bed-8bbef23a120c", - "attributes": {} - }, - { - "id": "a5bf0936-2a1e-4baa-abe4-0d411ec38162", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": "27c9b8af-be46-4d7c-8bed-8bbef23a120c", - "attributes": {} - }, - { - "id": "366daa17-4b1e-4c41-be7e-92455d7bd25d", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "27c9b8af-be46-4d7c-8bed-8bbef23a120c", - "attributes": {} - }, - { - "id": "9c14e271-6935-4cb0-b4ce-bf39a9146b07", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": true, - "containerId": "27c9b8af-be46-4d7c-8bed-8bbef23a120c", - "attributes": {} - }, - { - "id": "4846806b-a883-4ea0-87ff-e1fe8c15da04", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "27c9b8af-be46-4d7c-8bed-8bbef23a120c", - "attributes": {} - }, - { - 
"id": "718f82cb-24c8-45e2-a5b8-871b3f5a539e", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-groups", - "query-users" - ] - } - }, - "clientRole": true, - "containerId": "27c9b8af-be46-4d7c-8bed-8bbef23a120c", - "attributes": {} - }, - { - "id": "c5f88538-565f-4831-a818-7d28aa2805ff", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "27c9b8af-be46-4d7c-8bed-8bbef23a120c", - "attributes": {} - }, - { - "id": "e2bce7d8-d8d2-4e70-88f7-c824b002c72d", - "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "27c9b8af-be46-4d7c-8bed-8bbef23a120c", - "attributes": {} - }, - { - "id": "0a347167-26bc-49a8-add3-de4a70bbe24c", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "27c9b8af-be46-4d7c-8bed-8bbef23a120c", - "attributes": {} - } - ], - "security-admin-console": [], - "pitc-skills-frontend": [], - "admin-cli": [], - "broker": [ - { - "id": "fc565519-a711-47a4-b1d7-df937150c290", - "name": "read-token", - "description": "${role_read-token}", - "composite": false, - "clientRole": true, - "containerId": "bb186265-c313-48b3-a516-466a9e6abc6e", - "attributes": {} - } - ], - "account": [ - { - "id": "975f99bd-e367-4179-a6d8-12b44adaefb1", - "name": "manage-account-links", - "description": "${role_manage-account-links}", - "composite": false, - "clientRole": true, - "containerId": "7bd66357-eeaf-4906-a12f-9f5afd807d07", - "attributes": {} - }, - { - "id": "fd98ba0c-5fd2-4fd0-a7c9-d46022b6784f", - "name": "manage-account", - "description": "${role_manage-account}", - "composite": true, - "composites": { - "client": { - "account": [ - "manage-account-links" - ] - } - }, - "clientRole": true, - "containerId": 
"7bd66357-eeaf-4906-a12f-9f5afd807d07", - "attributes": {} - }, - { - "id": "d366bd44-8cd5-4c7f-81aa-ac2beae2a685", - "name": "view-profile", - "description": "${role_view-profile}", - "composite": false, - "clientRole": true, - "containerId": "7bd66357-eeaf-4906-a12f-9f5afd807d07", - "attributes": {} - } - ] - } - }, - "groups": [], - "defaultRoles": [ - "offline_access", - "uma_authorization" - ], - "requiredCredentials": [ - "password" - ], - "otpPolicyType": "totp", - "otpPolicyAlgorithm": "HmacSHA1", - "otpPolicyInitialCounter": 0, - "otpPolicyDigits": 6, - "otpPolicyLookAheadWindow": 1, - "otpPolicyPeriod": 30, - "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" - ], - "webAuthnPolicyRpEntityName": "keycloak", - "webAuthnPolicySignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyRpId": "", - "webAuthnPolicyAttestationConveyancePreference": "not specified", - "webAuthnPolicyAuthenticatorAttachment": "not specified", - "webAuthnPolicyRequireResidentKey": "not specified", - "webAuthnPolicyUserVerificationRequirement": "not specified", - "webAuthnPolicyCreateTimeout": 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyAcceptableAaguids": [], - "scopeMappings": [ - { - "clientScope": "offline_access", - "roles": [ - "offline_access" - ] - } - ], - "clients": [ - { - "id": "27c9b8af-be46-4d7c-8bed-8bbef23a120c", - "clientId": "realm-management", - "name": "${client_realm-management}", - "surrogateAuthRequired": false, - "enabled": true, - "clientAuthenticatorType": "client-secret", - "secret": "0b953bd8-f716-4161-98da-06c43120335f", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": 
{}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "role_list", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "715fba37-18e7-495d-90e7-e4fb7be0ed80", - "clientId": "security-admin-console", - "name": "${client_security-admin-console}", - "rootUrl": "${authAdminUrl}", - "baseUrl": "/admin/skills/console/", - "surrogateAuthRequired": false, - "enabled": true, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "/admin/skills/console/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "e57fe783-de87-4f87-af9e-fb6d45ddacb9", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "role_list", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "7bd66357-eeaf-4906-a12f-9f5afd807d07", - "clientId": "account", - "name": "${client_account}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/skills/account/", - "surrogateAuthRequired": false, - "enabled": true, - "clientAuthenticatorType": "client-secret", - 
"secret": "3ed104cb-9d33-4919-bd7e-85363a748501", - "defaultRoles": [ - "view-profile", - "manage-account" - ], - "redirectUris": [ - "/realms/skills/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "role_list", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "bb186265-c313-48b3-a516-466a9e6abc6e", - "clientId": "broker", - "name": "${client_broker}", - "surrogateAuthRequired": false, - "enabled": true, - "clientAuthenticatorType": "client-secret", - "secret": "33977c08-c84a-4ad5-bfda-b05c3688b31d", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "role_list", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "97e760cb-c589-482c-bc1f-34e25fdc829a", - "clientId": "pitc-skills-frontend", - "surrogateAuthRequired": false, - "enabled": true, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [ - "*" - ], 
- "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": true, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "login_theme": "keycloak", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "exclude.session.state.from.auth.response": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "role_list", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "00a260d5-5c66-48b0-9e01-faf70bae649e", - "clientId": "admin-cli", - "name": "${client_admin-cli}", - "surrogateAuthRequired": false, - "enabled": true, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "role_list", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ 
- "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - } - ], - "clientScopes": [ - { - "id": "84d4b434-48d2-4d04-9963-76b70fba953b", - "name": "offline_access", - "description": "OpenID Connect built-in scope: offline_access", - "protocol": "openid-connect", - "attributes": { - "consent.screen.text": "${offlineAccessScopeConsentText}", - "display.on.consent.screen": "true" - } - }, - { - "id": "7f02b77c-a75d-4263-9b25-19d0d083f7d8", - "name": "role_list", - "description": "SAML role list", - "protocol": "saml", - "attributes": { - "consent.screen.text": "${samlRoleListScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "c0296f2f-7bf8-4115-8762-ee25b2e42ea4", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - } - ] - }, - { - "id": "ed3cd904-51c1-45b7-94f1-eeac8c3f07b6", - "name": "profile", - "description": "OpenID Connect built-in scope: profile", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${profileScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "7366cf94-0e0f-433e-8e24-ed7faeee4676", - "name": "profile", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" - } - }, - { - "id": "28bc4418-a897-4307-bdde-60bb49c27915", - "name": "birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "birthdate", - "id.token.claim": "true", - 
"access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" - } - }, - { - "id": "c4d78b68-0393-4f1a-bed4-3b0959aabf50", - "name": "gender", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "gender", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" - } - }, - { - "id": "7608ff25-6ce4-44fb-8b08-cde7ef683ef4", - "name": "zoneinfo", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" - } - }, - { - "id": "354a4179-63b4-4adb-977c-01de7fc43134", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "551c39ea-d030-459d-abb3-bb72c75293d2", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": "6c0c7ae7-f043-49cf-bfc5-cc8e143ae8f8", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "id": 
"2021bbc3-8b2a-46c3-b169-8e6db8c7c110", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "id": "bb4c9449-884c-43e8-8554-8b66d5270d75", - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" - } - }, - { - "id": "6e66e8b8-6c32-4a19-aec5-6302be6c4618", - "name": "middle name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "middleName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" - } - }, - { - "id": "883c380b-6176-46d6-92d6-6b375e83339c", - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "nickname", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" - } - }, - { - "id": "2b8aa15d-28cd-4de4-8a96-e2c91762b626", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - }, - { - "id": 
"b25c6abb-3a61-4792-af96-c2000c94c382", - "name": "website", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "website", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "website", - "jsonType.label": "String" - } - }, - { - "id": "824d0951-737f-41b3-930a-6f17692c0227", - "name": "updated at", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "updatedAt", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "updated_at", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "6a75ded7-6473-40e7-b44b-273a7e962b6d", - "name": "email", - "description": "OpenID Connect built-in scope: email", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${emailScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "5b296feb-2821-4a95-b8b2-3d1824c7b278", - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" - } - }, - { - "id": "6e48f622-a6f1-467b-8941-e0463248241e", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "45593784-08f9-4c00-a226-f98caadeba20", - "name": "address", 
- "description": "OpenID Connect built-in scope: address", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${addressScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "2df1d3d1-3137-4da7-89dc-b6300234806b", - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - } - ] - }, - { - "id": "34f1b0bf-bdf3-493a-b5a9-b39c6c283c79", - "name": "phone", - "description": "OpenID Connect built-in scope: phone", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${phoneScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "4ca37a91-125e-4e7d-bc03-8d344eca3ebb", - "name": "phone number verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" - } - }, - { - "id": "dad92274-9403-4236-948c-2c101f646111", - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" - } - } - ] - }, - { - 
"id": "ee17df26-5357-4d56-b8c0-0b04c71577ac", - "name": "roles", - "description": "OpenID Connect scope for add user roles to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "true", - "consent.screen.text": "${rolesScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "68ee23a0-9d7c-4833-b542-c19a0707ca36", - "name": "client roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": "a8801c61-d74a-489f-bdf0-1fa9c65b3386", - "name": "realm roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "realm_access.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": "3ac3bec7-3ba9-4849-91c6-906f13bcdfe5", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - } - ] - }, - { - "id": "74c7d242-76a1-439d-8d80-251ba0a8aada", - "name": "web-origins", - "description": "OpenID Connect scope for add allowed web origins to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false", - "consent.screen.text": "" - }, - "protocolMappers": [ - { - "id": "53220b2c-f5f4-4d23-980a-1776cbd0e23a", - "name": "allowed web origins", - "protocol": "openid-connect", - "protocolMapper": "oidc-allowed-origins-mapper", - "consentRequired": false, - "config": {} - } - ] - }, - { - "id": "d5530b12-f029-4e4a-9ddb-687682bb31c2", - "name": "microprofile-jwt", - "description": 
"Microprofile - JWT built-in scope", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "fd21f9c7-f7df-40d4-af80-e1c68a854f47", - "name": "upn", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "upn", - "jsonType.label": "String" - } - }, - { - "id": "d11d0671-4c6e-4a4d-8085-34955ff3d0fa", - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - } - ] - } - ], - "defaultDefaultClientScopes": [ - "role_list", - "profile", - "email", - "roles", - "web-origins" - ], - "defaultOptionalClientScopes": [ - "offline_access", - "address", - "phone", - "microprofile-jwt" - ], - "browserSecurityHeaders": { - "contentSecurityPolicyReportOnly": "", - "xContentTypeOptions": "nosniff", - "xRobotsTag": "none", - "xFrameOptions": "SAMEORIGIN", - "xXSSProtection": "1; mode=block", - "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "strictTransportSecurity": "max-age=31536000; includeSubDomains" - }, - "smtpServer": {}, - "loginTheme": "keycloak", - "accountTheme": "keycloak", - "adminTheme": "keycloak", - "eventsEnabled": false, - "eventsListeners": [ - "jboss-logging" - ], - "enabledEventTypes": [], - "adminEventsEnabled": false, - "adminEventsDetailsEnabled": false, - "components": { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "29098ac1-a5bc-4168-a543-8a509ae7410d", - "name": "Consent Required", - 
"providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "784c5b56-9808-4c75-b903-426712fe54ed", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "c2e46b00-3108-473f-8a08-708bbf410e91", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-address-mapper", - "saml-user-property-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-full-name-mapper", - "oidc-usermodel-attribute-mapper", - "saml-role-list-mapper", - "oidc-usermodel-property-mapper", - "saml-user-attribute-mapper" - ] - } - }, - { - "id": "33dbeb56-3bae-4502-af86-50d1371ede7f", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-usermodel-attribute-mapper", - "saml-user-property-mapper", - "oidc-usermodel-property-mapper", - "saml-user-attribute-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-address-mapper", - "oidc-full-name-mapper", - "saml-role-list-mapper" - ] - } - }, - { - "id": "b4d9e128-94fc-43e4-93b0-52fcc242ebf6", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", - "subType": "anonymous", - "subComponents": {}, - "config": { - "host-sending-registration-request-must-match": [ - "true" - ], - "client-uris-must-match": [ - "true" - ] - } - }, - { - "id": "3c969bec-7c51-480f-bf63-d21a21748bba", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "331308fa-b6b5-4fe2-ab9c-47d8d023b857", - "name": "Full Scope Disabled", - "providerId": 
"scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "10b1e37c-0175-4852-bc7c-e5e64b96dfe9", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, - "config": { - "max-clients": [ - "200" - ] - } - } - ], - "org.keycloak.keys.KeyProvider": [ - { - "id": "bc096cee-d415-4668-9687-0f6a63dad11e", - "name": "hmac-generated", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "HS256" - ] - } - }, - { - "id": "0926a620-b404-485f-9ba0-560f37bf7e4c", - "name": "aes-generated", - "providerId": "aes-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - }, - { - "id": "63d942a3-d78a-448d-b044-3f1d0738c6f0", - "name": "rsa-generated", - "providerId": "rsa-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - } - ] - }, - "internationalizationEnabled": false, - "supportedLocales": [ - "" - ], - "authenticationFlows": [ - { - "id": "1e977489-3bef-4fbe-a346-b896f2e1a731", - "alias": "Handle Existing Account", - "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-confirm-link", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "idp-email-verification", - "requirement": "ALTERNATIVE", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "requirement": "ALTERNATIVE", - "priority": 30, - "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "64e96631-0583-4c4e-9645-518c601eca25", - "alias": "Verify Existing Account by Re-authentication", - "description": 
"Reauthentication of existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-username-password-form", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "Verify Existing Account by Re-authentication - auth-otp-form - Conditional", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "1673352b-ed51-4b84-8410-925500d258f8", - "alias": "Verify Existing Account by Re-authentication - auth-otp-form - Conditional", - "description": "Flow to determine if the auth-otp-form authenticator should be used or not.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "d0dcc44d-b907-445e-9f33-b0c93a41382b", - "alias": "browser", - "description": "browser based authentication", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-cookie", - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "identity-provider-redirector", - "requirement": "ALTERNATIVE", - "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "requirement": "ALTERNATIVE", - "priority": 30, - "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": 
true - } - ] - }, - { - "id": "aedee111-662c-4e8e-8df8-4826ea2a0048", - "alias": "clients", - "description": "Base authentication for clients", - "providerId": "client-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "client-secret", - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-jwt", - "requirement": "ALTERNATIVE", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-secret-jwt", - "requirement": "ALTERNATIVE", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-x509", - "requirement": "ALTERNATIVE", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "362c849e-aca7-47bd-be03-d84d03f81546", - "alias": "direct grant", - "description": "OpenID Connect Resource Owner Grant", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "direct-grant-validate-username", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-password", - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "requirement": "CONDITIONAL", - "priority": 30, - "flowAlias": "direct grant - direct-grant-validate-otp - Conditional", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "95efdde2-4ecf-49bc-9d1e-cc6b649225ec", - "alias": "direct grant - direct-grant-validate-otp - Conditional", - "description": "Flow to determine if the direct-grant-validate-otp authenticator should be used or not.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": 
"conditional-user-configured", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-otp", - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "2ae4244d-347f-4a59-9334-ab0764dc5457", - "alias": "docker auth", - "description": "Used by Docker clients to authenticate against the IDP", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "docker-http-basic-authenticator", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "c0294b75-efcd-4141-aa8a-d3a6b044e17f", - "alias": "first broker login", - "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "review profile config", - "authenticator": "idp-review-profile", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorConfig": "create unique user config", - "authenticator": "idp-create-user-if-unique", - "requirement": "ALTERNATIVE", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "requirement": "ALTERNATIVE", - "priority": 30, - "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "8d8aa861-f2d2-4a05-9437-ee26874fc564", - "alias": "forms", - "description": "Username, password, otp and other auth forms.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-username-password-form", - "requirement": "REQUIRED", - "priority": 10, - 
"userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "forms - auth-otp-form - Conditional", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "c4ae0312-7840-4218-909a-4de81692a2d6", - "alias": "forms - auth-otp-form - Conditional", - "description": "Flow to determine if the auth-otp-form authenticator should be used or not.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "41eb6781-1753-4f15-8b82-8aa679e039ca", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth", - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "requirement": "DISABLED", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "0b2b989f-2e49-4753-b271-82a26d70c0e9", - "alias": "registration", - "description": "registration flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": 
"registration-page-form", - "requirement": "REQUIRED", - "priority": 10, - "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "2fbf498a-6452-44e8-903b-d2f808d40528", - "alias": "registration form", - "description": "registration form", - "providerId": "form-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-user-creation", - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-profile-action", - "requirement": "REQUIRED", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-password-action", - "requirement": "REQUIRED", - "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-recaptcha-action", - "requirement": "DISABLED", - "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "6ad3efa9-9b62-4547-b555-1ceca539f059", - "alias": "reset credentials", - "description": "Reset credentials for a user if they forgot their password or something", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "reset-credentials-choose-user", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-credential-email", - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-password", - "requirement": "REQUIRED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "requirement": "CONDITIONAL", - "priority": 40, - "flowAlias": "reset credentials - reset-otp - Conditional", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - 
{ - "id": "171dcb14-7a0e-4340-9d04-e2b9a9b0c2b2", - "alias": "reset credentials - reset-otp - Conditional", - "description": "Flow to determine if the reset-otp authenticator should be used or not.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-otp", - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "4df6465f-fe30-4acf-8c3c-ee7344a3581b", - "alias": "saml ecp", - "description": "SAML ECP Profile Authentication Flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "http-basic-authenticator", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - } - ], - "authenticatorConfig": [ - { - "id": "9cd05f26-5cdf-4efc-8d6c-8b7c03986389", - "alias": "create unique user config", - "config": { - "require.password.update.after.registration": "false" - } - }, - { - "id": "d1cb72f0-0974-49e2-a824-c51b478a0ac1", - "alias": "review profile config", - "config": { - "update.profile.on.first.login": "missing" - } - } - ], - "requiredActions": [ - { - "alias": "CONFIGURE_TOTP", - "name": "Configure OTP", - "providerId": "CONFIGURE_TOTP", - "enabled": true, - "defaultAction": false, - "priority": 10, - "config": {} - }, - { - "alias": "terms_and_conditions", - "name": "Terms and Conditions", - "providerId": "terms_and_conditions", - "enabled": false, - "defaultAction": false, - "priority": 20, - "config": {} - }, - { - "alias": "UPDATE_PASSWORD", - "name": "Update Password", - "providerId": "UPDATE_PASSWORD", - "enabled": true, - "defaultAction": false, - "priority": 30, - "config": {} - }, - { - "alias": "UPDATE_PROFILE", - 
"name": "Update Profile", - "providerId": "UPDATE_PROFILE", - "enabled": true, - "defaultAction": false, - "priority": 40, - "config": {} - }, - { - "alias": "VERIFY_EMAIL", - "name": "Verify Email", - "providerId": "VERIFY_EMAIL", - "enabled": true, - "defaultAction": false, - "priority": 50, - "config": {} - } - ], - "browserFlow": "browser", - "registrationFlow": "registration", - "directGrantFlow": "direct grant", - "resetCredentialsFlow": "reset credentials", - "clientAuthenticationFlow": "clients", - "dockerAuthenticationFlow": "docker auth", - "attributes": { - "_browser_header.xXSSProtection": "1; mode=block", - "_browser_header.xFrameOptions": "SAMEORIGIN", - "_browser_header.strictTransportSecurity": "max-age=31536000; includeSubDomains", - "permanentLockout": "false", - "quickLoginCheckMilliSeconds": "1000", - "_browser_header.xRobotsTag": "none", - "maxFailureWaitSeconds": "900", - "minimumQuickLoginWaitSeconds": "60", - "failureFactor": "30", - "actionTokenGeneratedByUserLifespan": "300", - "maxDeltaTimeSeconds": "43200", - "_browser_header.xContentTypeOptions": "nosniff", - "offlineSessionMaxLifespan": "5184000", - "actionTokenGeneratedByAdminLifespan": "43200", - "_browser_header.contentSecurityPolicyReportOnly": "", - "bruteForceProtected": "false", - "_browser_header.contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "waitIncrementSeconds": "60", - "offlineSessionMaxLifespanEnabled": "false" - }, - "keycloakVersion": "8.0.1", - "userManagedAccessAllowed": false -} \ No newline at end of file diff --git a/config/docker/keycloak/skills.env b/config/docker/keycloak/skills.env deleted file mode 100644 index 13ecaf304..000000000 --- a/config/docker/keycloak/skills.env +++ /dev/null 
@@ -1,19 +0,0 @@ -#Postgres skills -POSTGRES_USER=skills_production -POSTGRES_DB=skills_production -POSTGRES_PASSWORD=1234 - -#Rails container -SECRET_KEY_BASE=7cc29a9d63899e35f844c5446428f7c2e56b56ef1cb4f98547bd2525bbf209322f5fa8df43d91d9aabc4576acc6acfc5031c1a3c9b11050aac9b68235d99e641 -RAILS_DB_PASSWORD=1234 -RAILS_DB_HOST=db -RAILS_DB_USERNAME=skills_production -RAILS_SERVE_STATIC_FILES=1 -#SENTRY_DSN_FRONTEND='123456' -HELPLINK=https://help.my-skills.test -EMBER_KEYCLOAK_SERVER_URL=http://keycloak:8180/auth/ -EMBER_KEYCLOAK_SECRET=1234 -EMBER_KEYCLOAK_CLIENT_ID=pitc-skills-frontend -EMBER_KEYCLOAK_REALM_NAME=skills -RAILS_KEYCLOAK_SERVER_URL=http://keycloak:8180/auth/ -RAILS_KEYCLOAK_REALM_ID=skills diff --git a/config/docker/postgresql/docker-compose.yml b/config/docker/postgresql/docker-compose.yml deleted file mode 100644 index df7fe5c3b..000000000 --- a/config/docker/postgresql/docker-compose.yml +++ /dev/null @@ -1,40 +0,0 @@ -version: '2' - -services: - db: - image: postgres:9.5.7 - container_name: skills_db - ports: - - '5432:5432' - restart: always - env_file: - - psql-prod.env - environment: - POSTGRES_USER: skills_production - POSTGRES_DB: skills_production - volumes: - - skills-postgresql:/var/lib/postgresql/data - web: - image: puzzle/skills:latest - container_name: skills_web - ports: - - '8080:3000' - depends_on: - - db - env_file: - - psql-prod.env - environment: - RAILS_DB_HOST: db - RAILS_DB_USERNAME: skills_production - RAILS_SERVE_STATIC_FILES: 1 - #SENTRY_DSN_FRONTEND: '123456' - HELPLINK: 'https://help.my-skills.test' - # EMBER_KEYCLOAK_SERVER_URL: 'keycloak.my-skills.test' - # EMBER_KEYCLOAK_CLIENT_ID: 'test-client-id' - # EMBER_KEYCLOAK_REALM_NAME: 'realm' - KEYCLOAK_DISABLED: 1 - volumes: - - skills-store:/opt/app-root/src/uploads/ -volumes: - skills-postgresql: - skills-store: diff --git a/config/docker/postgresql/psql-prod.env.tmpl b/config/docker/postgresql/psql-prod.env.tmpl deleted file mode 100644 index ebef10d64..000000000 
--- a/config/docker/postgresql/psql-prod.env.tmpl +++ /dev/null @@ -1,5 +0,0 @@ -POSTGRES_PASSWORD=change-me - -SECRET_KEY_BASE=change-me -# set to same value as POSTGRES_PASSWORD -RAILS_DB_PASSWORD=change-me diff --git a/config/docker/s2i/root/usr/libexec/s2i/post-assemble b/config/docker/s2i/root/usr/libexec/s2i/post-assemble deleted file mode 100755 index 7d2de77cc..000000000 --- a/config/docker/s2i/root/usr/libexec/s2i/post-assemble +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -set -ex - -pushd /opt/app-root/src -echo $OPENSHIFT_BUILD_COMMIT > BUILD_INFO -popd - -pushd /opt/app-root/src/frontend -yarn install -yarn build-prod -mv -v dist/* /opt/app-root/src/public/ -popd diff --git a/config/docker/s2i/root/usr/libexec/s2i/restore-artifacts b/config/docker/s2i/root/usr/libexec/s2i/restore-artifacts deleted file mode 100755 index 01bf551fa..000000000 --- a/config/docker/s2i/root/usr/libexec/s2i/restore-artifacts +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -set -e - -cd - -# Restore build artifacts -if [ -d /tmp/artifacts/bundle ]; then - echo "Restoring bundle..." - - rm -rf bundle - mv /tmp/artifacts/bundle . -fi diff --git a/config/docker/s2i/root/usr/libexec/s2i/save-artifacts b/config/docker/s2i/root/usr/libexec/s2i/save-artifacts deleted file mode 100755 index a69229976..000000000 --- a/config/docker/s2i/root/usr/libexec/s2i/save-artifacts +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash - -set -e - -cd - -tar cf - bundle diff --git a/db/seeds/development/01_auth_users.rb b/db/seeds/development/01_auth_users.rb index 6d27a340c..29868cdc1 100644 --- a/db/seeds/development/01_auth_users.rb +++ b/db/seeds/development/01_auth_users.rb @@ -6,7 +6,7 @@ auth_users = [ { - first_name: 'Anderson', last_name: 'Admin', admin: true + first_name: 'Andreas', last_name: 'Admin', admin: true }, { first_name: 'Ursula', last_name: 'User', admin: false diff --git a/db/seeds/development/02_people.rb b/db/seeds/development/02_people.rb index b2447d17d..ca7bfefc0 100644 
--- a/db/seeds/development/02_people.rb +++ b/db/seeds/development/02_people.rb @@ -24,6 +24,7 @@ 'Daenerys Targaryen', 'Davos Seaworth', 'Arya Stark', - 'Anderson Admin'] + 'Andreas Admin', + 'Ursula User'] seeder.seed_people(names) diff --git a/docker-compose.yml b/docker-compose.yml index a56d871e3..cedb92fef 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -1,54 +1,56 @@ -version: '3.2' - -services: - postgres: - image: postgres:9.5.7 - ports: - - '5432:5432' - environment: - - POSTGRES_DB=skills_development - - POSTGRES_USER=skills - - POSTGRES_PASSWORD=skills - volumes: - - postgres:/var/lib/postgres +services: rails: + container_name: rails image: skills-dev/rails user: "${UID:-1000}" tty: true stdin_open: true environment: - RAILS_DB_HOST: 'postgres' - DISPLAY: ${DISPLAY} + - RAILS_DB_HOST=postgres + env_file: .env build: context: ./config/docker/development dockerfile: Rails.dockerfile ports: - - "3000:3000" + - 3000:3000 volumes: - ./:/myapp - ./tmp/seed:/seed - ./config/docker/development/home/rails:/home/developer - /tmp/.X11-unix:/tmp/.X11-unix - bundler_cache:/opt/bundle - ember: - image: skills-dev/ember - tty: true - stdin_open: true - user: "${UID:-1000}" - build: - context: ./config/docker/development - dockerfile: Ember.dockerfile - volumes: - - ./frontend:/myapp - - ./tmp/bash_history:/root/.bash_history - - yarn_cache:/myapp/node_modules - tmpfs: - - /myapp/tmp + depends_on: + - postgres + + postgres: + container_name: postgres + image: postgres:16 ports: - - "4200:4200" - - "7020:7020" - - "7357:7357" + - 5432:5432 + env_file: .env + volumes: + - postgres:/var/lib/postgres + + assets: + container_name: assets + image: ruby:3.2 + working_dir: /myapp + command: > + /bin/bash -c " + curl -fsSL https://deb.nodesource.com/setup_18.x | bash - && + apt-get install -y nodejs && + npm install -g yarn && bin/assets && + sleep infinity" + volumes: + - ./:/myapp + - bundler_cache:/opt/bundle + - assets_cache:/usr/bin/ + depends_on: + - rails + + volumes: bundler_cache: - yarn_cache: + assets_cache: postgres: + diff --git a/lib/auth_config.rb b/lib/auth_config.rb index a883821da..f401f8caf 100644 --- a/lib/auth_config.rb +++ b/lib/auth_config.rb 
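Review bot: The `assets` service's `command` pipes `https://deb.nodesource.com/setup_18.x` into `bash` on every container start, so an unpinned, unverified remote script runs as the image's default user (no `user:` is set for this service) with the repository bind-mounted at `/myapp`. Installing Node and yarn at image build time in a small Dockerfile, from a pinned package source on a digest-pinned base image, would take the network fetch out of startup and make the toolchain reproducible. The `assets_cache:/usr/bin/` volume also overlays the image's `/usr/bin` with whatever an earlier run left there, so later image updates to those binaries will presumably not take effect; caching a dedicated directory would be safer. Separately, `- 5432:5432` publishes Postgres on all host interfaces while the `.env` in this commit sets the password to `skills`; `- 127.0.0.1:5432:5432` keeps the database reachable only from the developer machine.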
@@ -1,6 +1,11 @@ # frozen_string_literal: true +require_relative '../app/controllers/concerns/param_converters' + + class AuthConfig + extend ParamConverters + AUTH_CONFIG_PATH = Rails.root.join('config/auth.yml') class << self @@ -24,20 +29,24 @@ def admin_role get_var_from_environment(:admin_role, required: false) end + def keycloak? + to_boolean(get_var_from_environment(:keycloak, required: false, default: false)) + end + private - def get_var_from_environment(key, required: true) + def get_var_from_environment(key, required: true, default: nil) if local? - settings_file[key] + settings_file[key] || default else raise("Environment variable not set: '#{key}'") if required && ENV[key.to_s.upcase].nil? - ENV.fetch(key.to_s.upcase) + ENV.fetch(key.to_s.upcase, default) end end def local? - ENV.fetch('LOCAL', false) + to_boolean(ENV.fetch('LOCAL', false)) end def settings_file diff --git a/spec/fixtures/auth_users.yml b/spec/fixtures/auth_users.yml index 7f701107a..e8ccb363d 100644 --- a/spec/fixtures/auth_users.yml +++ b/spec/fixtures/auth_users.yml @@ -1,12 +1,12 @@ user: uid: 1234-5678-9012-3456 - name: User Name + name: Ursula User email: user@skills.ch is_admin: false admin: uid: 1234-5678-9012-3457 - name: Admin Name + name: Andreas Admin email: admin@skills.ch is_admin: true \ No newline at end of file
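Review bot: `lib/auth_config.rb` now pulls `to_boolean` out of `app/controllers/concerns` with `require_relative`, which ties a boot-time configuration class to a controller concern and loads that file outside the Rails autoloader. A file that is both autoloaded and required by path can end up loaded twice, so a small helper under `lib/` would be a cleaner home for the conversion. If ActiveModel is available at this point in boot, `ActiveModel::Type::Boolean.new.cast(value)` is an alternative. The two blank lines added before `class AuthConfig` could also be reduced to one.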
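Review bot: `keycloak?` falls back to `false` whenever `KEYCLOAK` (or the `keycloak` key in `config/auth.yml`) is missing, so a deployment that forgets the setting silently behaves as if Keycloak were off; if callers use this predicate to decide whether authentication is enforced, that is a fail-open default. `to_boolean` is not visible in this diff, so it is also worth confirming that an unrecognised value such as a typo does not quietly map to `false`. Consider requiring the variable outside local mode, e.g. `to_boolean(get_var_from_environment(:keycloak, required: !local?, default: false))`, so a missing setting raises instead of disabling the integration. In the local branch, `settings_file[key] || default` still returns `nil` for a missing required key, whereas the environment branch raises. The `class << self` body starts and ends outside the hunk.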