feat(jans-linux-setup): resource provisioning on both jans-auth and k…
…eycloak (#7447) * feat(jans-linux-setup): resource provisioning on both jans-auth and keycloak Signed-off-by: Mustafa Baser <mbaser@mail.com> * fix(jans-linux-setup): grant types for saml clients Signed-off-by: Mustafa Baser <mbaser@mail.com> --------- Signed-off-by: Mustafa Baser <mbaser@mail.com>
1 parent
f84e99a
commit e8fa4cf
Showing
7 changed files
with
173 additions
and
36 deletions.
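--- a/jans-linux-setup/jans_setup/templates/jans-saml/clients.json
+++ b/jans-linux-setup/jans_setup/templates/jans-saml/clients.json
@@ -0,0 +1,58 @@
+[
+{
+"client_prefix": "2100.",
+"client_var": "saml_scim_client_id",
+"client_id": "saml_scim_client",
+"display_name": "Jans SCIM Client for SAML",
+"description": "Jans SCIM Client for SAML",
+"scopes_dns": ["inum=F0C4,ou=scopes,o=jans"],
+"scopes_ids": ["https://jans.io/scim/users.write", "https://jans.io/scim/users.read"],
+"redirect_uri": ["https://%(hostname)s/admin-ui", "http://localhost:4100"],
+"grant_types": ["authorization_code", "client_credentials", "password", "refresh_token"],
+"authorization_methods": ["client_secret_basic", "client_secret_post"],
+"response_types": null,
+"application_type": "web"
+},
+{
+"client_prefix": "2101.",
+"client_var": "kc_saml_openid_client_id",
+"client_id": "kc_saml_openid",
+"display_name": "kc_saml_openid",
+"description": "Keycloak OpenID client used for SAML authentication",
+"scopes_dns": [],
+"scopes_ids": ["email" , "user_name" , "openid"],
+"redirect_uri": ["https://%(idp_config_hostname)s:%(idp_config_http_port)s/realms/master/kc-jans-authn-rest-bridge/auth-complete"],
+"grant_types": ["authorization_code"],
+"authorization_methods": ["client_secret_basic"],
+"response_types": ["code", "token"],
+"application_type": "native"
+},
+{
+"client_prefix": "2102.",
+"client_var": "kc_scheduler_api_client_id",
+"client_id": "kc_scheduler_api",
+"display_name": "kc_scheduler_api",
+"description": "keycloak scheduler openid client used to obtain API keys to invoke the config-api",
+"scopes_dns": [],
+"scopes_ids": ["http://jans.io/idp/saml.write", "http://jans.io/idp/saml.readonly", "http://jans.io/oauth/config/saml.readonly", "http://jans.io/oauth/config/saml.write", "http://jans.io/oauth/config/attributes.readonly"],
+"redirect_uri": ["https://%(idp_config_hostname)s:%(idp_config_http_port)s/realms/jans/dev/null"],
+"grant_types": ["client_credentials"],
+"authorization_methods": ["client_secret_basic"],
+"response_types": ["token"],
+"application_type": "native"
+},
+{
+"client_prefix": "2103.",
+"client_var": "kc_master_auth_client_id",
+"client_id": "kc_master_auth",
+"display_name": "kc_master_auth",
+"description": "keycloak master realm client used to authenticate administrators",
+"scopes_dns": [],
+"scopes_ids": ["email" , "user_name" , "openid"],
+"redirect_uri": ["https://%(idp_config_hostname)s:%(idp_config_http_port)s/realms/master/kc-jans-authn-rest-bridge/auth-complete"],
+"grant_types": ["authorization_code"],
+"authorization_methods": ["client_secret_basic"],
+"response_types": ["code", "token"],
+"application_type": "web"
+}
+]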
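Review bot: The `saml_scim_client` entry is granted more than a SCIM service client appears to need: `grant_types` lists `authorization_code`, `password` and `refresh_token` next to `client_credentials`, and `redirect_uri` includes the plaintext `http://localhost:4100`. If this client only calls SCIM on its own behalf, `"grant_types": ["client_credentials"],` would be enough, and the resource-owner password grant in particular is ruled out by the OAuth 2.0 security BCP (RFC 9700). How the client is actually used is not visible in this section, so confirm before trimming. Separately, `kc_saml_openid` and `kc_master_auth` register `"response_types": ["code", "token"]` while allowing only the `authorization_code` grant; `"response_types": ["code"],` would match the grant and keep token responses out of the front channel.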
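--- a/jans-linux-setup/jans_setup/templates/jans-saml/kc_jans_api/jans.browser-auth-flow.json
+++ b/jans-linux-setup/jans_setup/templates/jans-saml/kc_jans_api/jans.browser-auth-flow.json
@@ -0,0 +1,7 @@
+{
+"alias":"janssen login",
+"description": "browser based authentication tailored for the janssen-auth server",
+"providerId": "basic-flow",
+"topLevel": true,
+"builtIn" : false
+}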
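--- a/jans-linux-setup/jans_setup/templates/jans-saml/kc_jans_api/jans.execution-auth-cookie.json
+++ b/jans-linux-setup/jans_setup/templates/jans-saml/kc_jans_api/jans.execution-auth-cookie.json
@@ -0,0 +1,7 @@
+{
+"parentFlow": "${jans_browser_auth_flow_id}",
+"authenticator": "auth-cookie",
+"authenticatorConfig": null,
+"requirement": "ALTERNATIVE",
+"priority": 10
+}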
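--- a/jans-linux-setup/jans_setup/templates/jans-saml/kc_jans_api/jans.execution-auth-jans.json
+++ b/jans-linux-setup/jans_setup/templates/jans-saml/kc_jans_api/jans.execution-auth-jans.json
@@ -0,0 +1,7 @@
+{
+"parentFlow": "${jans_browser_auth_flow_id}",
+"authenticator": "kc-jans-authn",
+"authenticatorConfig": null,
+"requirement": "REQUIRED",
+"priority": 20
+}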
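Review bot: `"requirement": "REQUIRED"` on this execution sits in the same parent flow (`${jans_browser_auth_flow_id}`) as the `auth-cookie` execution, which is registered as `ALTERNATIVE`. In current Keycloak flow evaluation, alternative executions at a level that also contains a required execution are not run, so the SSO cookie would likely never short-circuit the flow and every browser request would be sent through `kc-jans-authn`. If cookie re-use is intended, `"requirement": "ALTERNATIVE",` here would match the layout of Keycloak's built-in browser flow. The Keycloak version the installer targets is not visible on this page, so this should be confirmed against it.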
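--- a/jans-linux-setup/jans_setup/templates/jans-saml/kc_jans_api/jans.execution-config-jans.json
+++ b/jans-linux-setup/jans_setup/templates/jans-saml/kc_jans_api/jans.execution-config-jans.json
@@ -0,0 +1,10 @@
+{
+"alias": "jans-auth-openid-config",
+"config": {
+"jans.auth.server.url": "https://${hostname}",
+"jans.auth.client.id": "${kc_saml_openid_client_id}",
+"jans.auth.client.secret": "${kc_saml_openid_client_pw}",
+"jans.auth.issuer": "https://${hostname}",
+"jans.auth.extra_scopes": null
+}
+}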
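Review bot: Once rendered, this template holds the `kc_saml_openid` client secret in clear text under `jans.auth.client.secret`, and nothing in this section shows where the rendered file is written or with which permissions; the code that renders it is outside this section. The installer should write the rendered copy owner-only (for example mode 0600) and remove it once the configuration has been posted to Keycloak, so the secret does not linger in a readable working directory. As a smaller style point, the `kc_jans_api` templates use `${name}` placeholders while `clients.json` in the same commit uses `%(name)s`; a line in the setup documentation saying which renderer handles which would help the next maintainer.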