diff --git a/.env.local b/.env.local index 0d0241fc0..11f701031 100644 --- a/.env.local +++ b/.env.local @@ -1,3 +1,5 @@ +LOG_LEVEL=info +DISABLE_LOGGING='true' AUTH_STRATEGY=Oauth2Proxy KNEX_HOST=kong-db KNEX_PORT=5432 @@ -9,18 +11,18 @@ MONGO_URL=mongodb://mongodb:27017/keystonedb4 MONGO_USER= MONGO_PASSWORD= KONG_URL=http://kong.localtest.me:8001 -JWKS_URL=http://keycloak.localtest.me:9080/auth/realms/master/protocol/openid-connect/certs +JWKS_URL=http://keycloak.localtest.me:9081/auth/realms/master/protocol/openid-connect/certs FEEDER_URL=http://feeder.localtest.me:6000 NEXT_PUBLIC_API_ROOT=http://oauth2proxy.localtest.me:4180 GWA_API_URL=http://gwa-api.localtest.me:2000 GWA_PROD_ENV_SLUG=E0000000 GWA_RES_SVR_CLIENT_ID=gwa-api GWA_RES_SVR_CLIENT_SECRET=18900468-3db1-43f7-a8af-e75f079eb742 -KEYCLOAK_AUTH_URL=http://keycloak.localtest.me:9080/auth +KEYCLOAK_AUTH_URL=http://keycloak.localtest.me:9081/auth KEYCLOAK_REALM=master EMAIL_ENABLED=false EXTERNAL_URL=http://oauth2proxy.localtest.me:4180 -OIDC_ISSUER=http://keycloak.localtest.me:9080/auth/realms/master +OIDC_ISSUER=http://keycloak.localtest.me:9081/auth/realms/master LOCAL_ENV=true WORKING_PATH=/tmp DESTINATION_URL= diff --git a/.github/workflows/aps-cypress-e2e.yaml b/.github/workflows/aps-cypress-e2e.yaml index 5b5eea26e..38de9e387 100644 --- a/.github/workflows/aps-cypress-e2e.yaml +++ b/.github/workflows/aps-cypress-e2e.yaml @@ -1,6 +1,7 @@ -name: Build and Deploy Cypress and Execute Tests +name: Cypress and Execute Tests on: + workflow_dispatch: {} push: branches: ['test', 'cypress*'] 
@@ -27,36 +28,35 @@ jobs: - name: Checkout Portal uses: actions/checkout@v2 + # - name: Determine Download file name + # id: set_variable + # run: | + # echo ${{ runner.arch }} + # if [ "${{ runner.arch }}" == "X64" ]; then + # echo "::set-output name=my_variable::gwa_Linux_x86_64.tgz" + # elif [ "${{ runner.arch }}" == "ARM64" ]; then + # echo "::set-output name=my_variable::gwa_Linux_arm64.tgz" + # else + # echo "unsupported architecture" + # fi - - name: Determine Download file name - id: set_variable - run: | - echo ${{ runner.arch }} - if [ "${{ runner.arch }}" == "X64" ]; then - echo "::set-output name=my_variable::gwa_Linux_x86_64.tgz" - elif [ "${{ runner.arch }}" == "ARM64" ]; then - echo "::set-output name=my_variable::gwa_Linux_arm64.tgz" - else - echo "unsupported architecture" - fi - - - name: Download Binar - uses: robinraju/release-downloader@v1.8 - with: - repository: "bcgov/gwa-cli" - latest: true - fileName: ${{ steps.set_variable.outputs.my_variable }} - out-file-path: "${{ github.workspace }}/e2e" + # - name: Download Binary + # uses: robinraju/release-downloader@v1.8 + # with: + # repository: "bcgov/gwa-cli" + # latest: true + # fileName: ${{ steps.set_variable.outputs.my_variable }} + # out-file-path: "${{ github.workspace }}/e2e" + + # - name: Unzip file + # run: | + # cd ${{ github.workspace }}/e2e + # tar xvzf ${{ steps.set_variable.outputs.my_variable }} - - name: Unzip file - run: | - cd ${{ github.workspace }}/e2e - tar xvzf ${{ steps.set_variable.outputs.my_variable }} - - name: Build Docker Images run: | - docker-compose build - + docker compose --profile testsuite build + - name: Spin up API Services Portal and Run E2E Tests run: | export CY_EXECUTION_ENV=${{ env.EXECUTION_ENV }} 
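Review bot: The three gwa download steps (`Determine Download file name`, `Download Binary`, `Unzip file`) are commented out rather than deleted, which leaves about twenty lines of dead YAML in the job, including the deprecated `::set-output` command. If the binary now comes from the `curl` step added to `e2e/Dockerfile` in this commit, delete the block; git history keeps the old steps. The removed steps picked the archive from `runner.arch`, and nothing visible in the workflow replaces that, so it is worth stating in the commit message that the suite is now x86_64-only.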
@@ -68,14 +68,14 @@ jobs: export CY_COMMIT_MESSAGE="${{ env.GIT_COMMIT_MESSAGE }}" export CY_REPO_URL=${{ env.GIT_REPO_URL }} export CY_COMMIT_AUTHOR_EMAIL=$(git --no-pager show -s --format='%ae' ${{ env.GIT_COMMIT_SHA }}) - docker-compose up -d + docker compose --profile testsuite up -d - name: Execute Tests & Clean Up run: | while true; do if [ "$(docker ps -aq -f status=exited -f name=cypress-e2e)" ]; then # cleanup - docker-compose down + docker compose down break else echo "Waiting for Cypress to Complete E2E Tests....." diff --git a/.github/workflows/ci-build-deploy.yaml b/.github/workflows/ci-build-deploy.yaml index af04a4d83..281fb82bd 100644 --- a/.github/workflows/ci-build-deploy.yaml +++ b/.github/workflows/ci-build-deploy.yaml @@ -264,9 +264,9 @@ jobs: NEXT_PUBLIC_HELP_API_DOCS_URL: value: '/ds/api/v2/console/' NEXT_PUBLIC_HELP_SUPPORT_URL: - value: 'https://bcgov.github.io/aps-infra-platform/' + value: 'https://mvp.developer.gov.bc.ca/docs/default/component/aps-infra-platform-docs/' NEXT_PUBLIC_HELP_RELEASE_URL: - value: 'https://bcgov.github.io/aps-infra-platform/releases/' + value: 'https://mvp.developer.gov.bc.ca/docs/default/component/aps-infra-platform-docs/reference/releases/' NEXT_PUBLIC_HELP_STATUS_URL: value: 'https://uptime.com/s/bcgov-dss' NEXT_PUBLIC_DEVELOPER_IDS: diff --git a/.github/workflows/ci-feat-url.yml b/.github/workflows/ci-feat-url.yml new file mode 100644 index 000000000..56365b511 --- /dev/null +++ b/.github/workflows/ci-feat-url.yml 
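Review bot: The cleanup in `Execute Tests & Clean Up` runs `docker compose down` without the profile flag, while the build and up steps in this workflow now use `--profile testsuite`. Depending on the Compose version, `down` without the profile may treat the `cypress-e2e` container as outside the active model and leave it, and the `aps-net` network it is attached to, behind. Using `docker compose --profile testsuite down` keeps the three commands symmetric and makes teardown independent of that behaviour. The `while true` loop this line sits in continues outside the hunk.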
@@ -0,0 +1,28 @@ +name: Add URL to Feature PRs + +on: + pull_request: + branches: + - dev + +jobs: + comment: + runs-on: ubuntu-latest + steps: + - name: Set KEBAB_CASE_BRANCH + run: | + # Convert github.head_ref to kebab case + kebab_case=$(echo "${{ github.head_ref }}" | sed 's/_/-/g; s/\//-/g') + echo "::set-output name=KEBAB_CASE_BRANCH::${kebab_case}" + id: set-branch-id + + - name: Check the KEBAB_CASE_BRANCH output + run: echo "The KEBAB_CASE_BRANCH is ${{ steps.set-branch-id.outputs.KEBAB_CASE_BRANCH }}" + + - name: PR Description + if: startsWith(github.head_ref, 'feature/') == true + uses: bcgov-nr/action-pr-description-add@v1.1.1 + with: + add_markdown: | + --- + 🚀 Feature branch deployment: https://api-services-portal-${{ steps.set-branch-id.outputs.KEBAB_CASE_BRANCH }}.apps.silver.devops.gov.bc.ca diff --git a/README.md b/README.md index 931b0f838..2640d003e 100644 --- a/README.md +++ b/README.md 
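Review bot: `${{ github.head_ref }}` is expanded into the `run:` script of the `Set KEBAB_CASE_BRANCH` step before the shell parses it, so the branch name of any pull request against `dev` becomes part of the script text rather than data. Pass it through `env:` and read it as a quoted shell variable; the following echo step interpolates the derived output the same way and needs the same treatment, because the `sed` only rewrites `_` and `/`. While touching the step, write the output to `$GITHUB_OUTPUT` instead of the deprecated `::set-output`. The workflow also declares no `permissions:` block, and `bcgov-nr/action-pr-description-add@v1.1.1` is pinned by tag rather than by commit SHA; both are worth tightening for a job that edits PR descriptions.

```yaml
      - name: Set KEBAB_CASE_BRANCH
        id: set-branch-id
        env:
          HEAD_REF: ${{ github.head_ref }}
        run: |
          # Branch name arrives as data in the environment, never as script text
          kebab_case=$(printf '%s' "$HEAD_REF" | sed 's/_/-/g; s/\//-/g')
          echo "KEBAB_CASE_BRANCH=${kebab_case}" >> "$GITHUB_OUTPUT"
      # … the echo step needs the same env indirection; PR Description step unchanged …
```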
@@ -6,73 +6,92 @@ ![GitHub](https://img.shields.io/github/license/bcgov/aps-portal?style=for-the-badge) ![GitHub tag (latest by date)](https://img.shields.io/github/v/tag/bcgov/aps-portal?label=release&style=for-the-badge) + ## Introduction + The `API Services Portal` is a frontend for API Providers to manage the lifecycle of their APIs and for Developers to discover and access these APIs. It works in combination with the Kong Community Edition Gateway and Keycloak IAM solution. -## Running the Project. -### Installation +## Local Deployment -#### 1. Manual -To run this project first run `npm install`. +The repo is setup to create a local deployment of the Portal along with required support services (Postgres, Keycloak, OAuth2-proxy, Feeder and Kong Gateway) using `docker compose`. -This application requires to have an Authentication proxy in front of it. Go to [oauth2-proxy](oauth2-proxy) for instructions on starting the proxy locally. +1. Clone and build the [Gateway Admin API](https://github.com/bcgov/gwa-api) (gwa-api) -You can then run `npm run dev` to start the application on port 3000. The proxy runs on port 4180. + ``` + git clone https://github.com/bcgov/gwa-api + cd ./microservices/gatewayApi + docker build -t gwa-api:e2e . + ``` -``` -hostip=$(ifconfig en0 | awk '$1 == "inet" {print $2}') +1. Build: Back in `api-services-portal`, run `docker compose --profile testsuite build`. +1. Run: `docker compose up`. Wait for startup to complete - look for `Swagger UI registered`. +1. The Portal is now live at http://oauth2proxy.localtest.me:4180 + 1. To login, use username `local` and password `local`, or username `janis@idir` and password `awsummer`. +1. If you have made any changes to the app code, update images by running `docker compose build` then `docker compose up`. +1. 
Clean up: `docker compose down` removes all the hosted services + +### Cypress testing -export AUTH_STRATEGY=Oauth2Proxy -export ADAPTER=knex -export KNEX_HOST=$hostip -export KNEX_DATABASE=keystonejs -export KNEX_USER="" -export KNEX_PASSWORD="" -export MONGO_URL=mongodb://$hostip:17017/keystonedb3 -export MONGO_USER="" -export MONGO_PASSWORD="" +To run the Cypress test automation suite, run `docker compose --profile testsuite up`. -export FEEDER_URL=http://localhost:6000 +### gwa CLI configuration -export KONG_URL="" -export OIDC_ISSUER="" -export JWKS_URL=${OIDC_ISSUER}/protocol/openid-connect/certs +To use the `gwa` command line interace, configure it with: -export NEXT_PUBLIC_API_ROOT=http://localhost:4180 -export SSR_API_ROOT=http://localhost:4180 -export EXTERNAL_URL="http://localhost:4180" +``` +gwa config set host oauth2proxy.localtest.me:4180 +gwa config set scheme http +``` -export GWA_API_URL=http://localhost:2000 +Run this command to test logging in and creating a namespace: -npm run dev ``` +gwa login +gwa namespace create --name gw-12345 +``` + +### Keycloak configuration -Once running, the `api services portal` application is reachable via `localhost:4180`. +Keycloak is initialized with `master` realm. The realm configuration is saved in `local/keycloak/master-realm.json`. It also creates a realm user `local` with admin privileges. -#### 2. Docker +### Development -##### Steps +Use the following configuration to run the Portal locally (outside of Docker) against the support components deployed with `docker compose`. Changes to the Portal code will live update instead of requiring `docker build`. -1. Create a `.env` from `.env.local` file -2. Create a `.env` from `.env.local` file under `feeds` directory -3. Remove cypress from docker-compose file (L106-129 & L217-229) -4. Run build steps [here](https://github.com/bcgov/api-services-portal/tree/dev/e2e#build-gateway-api-image) -5. Run `docker-compose build` -5. 
Run `docker-compose up` to spin up a local development environment with services (Postgres, Keycloak, OAuth2-proxy, APS-Portal, Feeder and Kong Gateway) -6. Go to: http://oauth2proxy.localtest.me:4180 -7. To login, use username `local` and password `local`, or username `janis@idir` and password `awsummer` -8. `docker-compose down` : Removes all the hosted services +1. Follow [local deployment instructions](#local-deployment) and run `docker compose up`. +1. In `/src` run `npm install`. + 1. If using Node version > 17, run `npm install --legacy-peer-deps` -##### Note: +1. Turn off the docker compose Portal: `docker stop apsportal` +1. Configure the `oauth2-proxy` that is running in Docker: + 1. Update `upstreams` in `oauth2-proxy/oauth2-proxy-local.cfg` to include the IP address of your local machine, e.g. `upstreams=["http://172.100.100.01:3000"]` +
You can obtain the IP address using `hostname -I`. + + 1. Restart the oauth2-proxy: `docker compose restart oauth2-proxy` + +1. Start the Portal locally: + + ```sh + cd src + set -o allexport + source ../.env.local + LOG_LEVEL=debug + KNEX_HOST=kong-db.localtest.me + NEXT_PUBLIC_MOCKS=off + set +o allexport + + npm run dev + ``` + +1. The Portal is now live at http://oauth2proxy.localtest.me:4180 and should auto-update on code changes. -- Please wait until keycloak service starts and is initialized with `master` realm. The realm configuration is saved in `./keycloak/master-realm.json`. It also creates a realm user `local` with admin privileges. -- You may want to run `docker-compose build` if there are new changes that are not reflected in the last time you built the container images ## Design + The `API Services Portal` is a React application using the Chakra UI component library, and using two frameworks: KeystoneJS V5, and NextJS. The application is divided up into the following six components: @@ -147,9 +166,11 @@ Currently support feeders: Source: `feeds` + ## Development -#### TypeScript + +### TypeScript The client-side Next.js application uses TypeScript, and because it plays nicely with GraphQL types, uses a codegen to generate the API types. In `development` mode once the API server has started the types are automatically generated, but will need to be regenerated if you make changes to the @@ -176,7 +197,7 @@ const Component = () => { All Typescript paths alias `src/nextapp` to `@/`. -#### Storybook +### Storybook [Chakra UI](https://chakra-ui.com) was chosen for the UI framework due to its utility and flexibility. A theme has been created which follows the [BC Government Web Design System](https://developer.gov.bc.ca/Design-System) alongside custom components written for the portal. 
@@ -196,7 +217,7 @@ import { Button } from 'chakra-ui/react'; All the core components stories are located in `src/stories`. For custom components add the story in the component folder, ie `src/nextapp/components/card/card.stories.tsx`. -#### Mock Server +### Mock Server For convenience a mock server is available to fake data via the GraphQL api. Run by opening a new shell window after running `$ npm run dev` and run the following: @@ -214,7 +235,7 @@ GWA_API_URL=http://localhost:4000 It should be noted that a 1-to-1 replication of the production API is not the goal of the mock server. It's simply to replicate requests and confirm the content returned will behave in an expected way. -###### Updating mock server schemas +#### Updating mock server schemas When Keystone-level types are updated, there is a manual step required for the mock server in order to keep the mock data structure in sync with the production server. It is definitely manual at the moment, but fairly easy and quick to do. @@ -222,7 +243,7 @@ When Keystone-level types are updated, there is a manual step required for the m 2. The far right of the graphiql interface are 2 tabs, `DOCS` and `SCHEMAS`. You can either download and copy or copy the contents of the `SCHEMAS` tab and paste it in `src/test/mock-server/schemas.js` inside the string literal. 3. Delete any instances of a `@deprecated(reason: "Use `path` instead")` string. These messages break the graphql-tools -#### Coding Style +### Coding Style There isn't a strict, repo-wide coding style per se, but we use Prettier and ESLint to maintain a consistent code style. Both libraries are included locally as part of the node_modules, so it is recommended to configure your editor to run off local versions instead of global so any API changes between versions don't collide. 
@@ -255,4 +276,3 @@ select 'drop table "' || tablename || '" cascade;' from pg_tables where schemana ``` In the mean time, it is possible to drop the tables and re-run the `init-aps-portal-keystonejs-batch-job`. - diff --git a/docker-compose.yml b/docker-compose.yml index 445c2b9d9..c5eb616f2 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -9,7 +9,7 @@ x-common-variables: &common-variables services: keycloak: - image: jboss/keycloak:11.0.3 + image: jboss/keycloak:15.1.1 container_name: keycloak hostname: keycloak depends_on: @@ -18,7 +18,7 @@ services: [ '-b', '0.0.0.0', - '-Djboss.socket.binding.port-offset=1000', + '-Djboss.socket.binding.port-offset=1001', '-Dkeycloak.migration.action=import', '-Dkeycloak.migration.provider=singleFile', '-Dkeycloak.migration.file=/tmp/realm-config/master-realm.json', @@ -26,7 +26,7 @@ services: '-Dkeycloak.profile.feature.upload_scripts=enabled', ] ports: - - 9080:9080/tcp + - 9081:9081/tcp environment: #KEYCLOAK_USER: local #KEYCLOAK_PASSWORD: local @@ -103,30 +103,6 @@ services: - ./local/feeder-init:/tmp networks: - aps-net - cypress: - image: aps-cypress-e2e:latest - container_name: cypress-e2e - entrypoint: sh -c "chmod +x /tmp/entrypoint.sh && /tmp/entrypoint.sh" - environment: - - CYPRESS_RECORD_KEY=${CY_RECORD_KEY} - - CYPRESS_PROJECT_ID=${CY_PROJECT_ID} - - RUN_ENV=${CY_EXECUTION_ENV} - - COMMIT_INFO_BRANCH=${CY_COMMIT_BRANCH} - - COMMIT_INFO_SHA=${CY_COMMIT_SHA} - - COMMIT_INFO_AUTHOR=${CY_COMMIT_AUTHOR} - - COMMIT_INFO_MESSAGE=${CY_COMMIT_MESSAGE} - - COMMIT_INFO_REMOTE=${CY_REPO_URL} - - COMMIT_INFO_EMAIL=${CY_COMMIT_AUTHOR_EMAIL} - depends_on: - - feeder-seeding - build: - context: ./e2e - dockerfile: Dockerfile - volumes: - - ./e2e/coverage:/e2e/coverage - - ./e2e/results:/e2e/results - networks: - - aps-net kong-db: image: postgres:12.8 container_name: kong-db 
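Review bot: The new keycloak mapping `- 9081:9081/tcp` publishes the port on every host interface, and the README updated in this commit documents a realm user `local` / `local` with admin privileges. For a stack meant only for local development, `- 127.0.0.1:9081:9081/tcp` keeps the Keycloak console off the surrounding network. The `localtest.me` names resolve to loopback, so the documented URLs should keep working, though that is worth confirming on a WSL2 or remote-Docker setup.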
@@ -141,7 +117,9 @@ services: - ./local/db/database-init.sql:/docker-entrypoint-initdb.d/1-init.sql - ./local/db/keystone-init.sql:/docker-entrypoint-initdb.d/2-init.sql networks: - - aps-net + aps-net: + aliases: + - kong-db.localtest.me kong-migrations: image: kong:kong-local command: kong migrations bootstrap @@ -189,7 +167,7 @@ services: restart: on-failure:5 redis: image: bitnami/redis:latest - container_name: redis + container_name: redis-master environment: - REDIS_PASSWORD=s3cr3t restart: on-failure @@ -227,5 +205,31 @@ services: aps-net: aliases: - cypress-jwks-url.localtest.me + cypress: + image: aps-cypress-e2e:latest + container_name: cypress-e2e + entrypoint: sh -c "chmod +x /tmp/entrypoint.sh && /tmp/entrypoint.sh" + environment: + - CYPRESS_RECORD_KEY=${CY_RECORD_KEY} + - CYPRESS_PROJECT_ID=${CY_PROJECT_ID} + - RUN_ENV=${CY_EXECUTION_ENV} + - COMMIT_INFO_BRANCH=${CY_COMMIT_BRANCH} + - COMMIT_INFO_SHA=${CY_COMMIT_SHA} + - COMMIT_INFO_AUTHOR=${CY_COMMIT_AUTHOR} + - COMMIT_INFO_MESSAGE=${CY_COMMIT_MESSAGE} + - COMMIT_INFO_REMOTE=${CY_REPO_URL} + - COMMIT_INFO_EMAIL=${CY_COMMIT_AUTHOR_EMAIL} + depends_on: + - feeder-seeding + build: + context: ./e2e + dockerfile: Dockerfile + volumes: + - ./e2e/coverage:/e2e/coverage + - ./e2e/results:/e2e/results + networks: + - aps-net + profiles: + - testsuite networks: aps-net: {} diff --git a/e2e/Dockerfile b/e2e/Dockerfile index 70df0662a..1f8e8ed02 100644 --- a/e2e/Dockerfile +++ b/e2e/Dockerfile 
@@ -3,16 +3,20 @@ FROM cypress/included:12.17.4 WORKDIR /e2e RUN apt-get -y update; apt-get -y install curl -COPY cypress.config.ts /e2e -COPY tsconfig.json /e2e COPY package.json /e2e COPY package-lock.json /e2e +RUN npm install + +COPY cypress.config.ts /e2e +COPY tsconfig.json /e2e COPY *.yml /e2e COPY entrypoint.sh /tmp -COPY gwa /usr/local/bin ADD cypress /e2e/cypress -RUN npm install +RUN curl -v -L -O https://github.com/bcgov/gwa-cli/releases/download/v2.0.15/gwa_Linux_x86_64.tgz \ + && tar -xzf gwa_Linux_x86_64.tgz \ + && mv gwa /usr/local/bin/. + ENTRYPOINT ["npm", "run", "cy:run:html"] \ No newline at end of file diff --git a/e2e/README.md b/e2e/README.md index b3adacaff..4c66d1def 100644 --- a/e2e/README.md +++ b/e2e/README.md @@ -63,6 +63,11 @@ Install Cypress on your local machine by following [these instructions](https:// ## 3. Cypress on Windows +> [!NOTE] +> WSL2 now supports running Linux GUI apps. [Get setup here](https://learn.microsoft.com/en-us/windows/wsl/tutorials/gui-apps) and follow the regular instructions above for setting up Cypress + +### Legacy Instructions: + You will need a copy of the API Service Portal on both your local machine and within your WSL 2/Linux distribution. Instructions pertaining to either WSL 2 or your local machine are prefaced with `WSL` and `LM` respectively in the following sections. diff --git a/e2e/cypress.config.ts b/e2e/cypress.config.ts index 526b4dd58..9aaa4fe9d 100644 --- a/e2e/cypress.config.ts +++ b/e2e/cypress.config.ts 
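Review bot: The added `RUN curl ... gwa_Linux_x86_64.tgz` step installs `gwa` into `/usr/local/bin` without checking what was downloaded; the release tag is pinned in the URL, but nothing verifies the archive itself. Add a digest check between download and extraction, for example `echo "<SHA256_OF_RELEASE_ASSET>  gwa_Linux_x86_64.tgz" | sha256sum -c -`, and use `curl -fsSL -O` so that an HTTP error fails the build instead of saving an error page, and so that `-v` no longer floods the build log. The asset name is hard-coded to x86_64, so the image will not get a working CLI on an arm64 host. The tarball also stays in the layer unless `rm gwa_Linux_x86_64.tgz` is appended to the same `RUN`.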
@@ -49,15 +49,15 @@ export default defineConfig({ env: { CLIENT_ID: 'aps-portal', CLIENT_SECRET: '8e1a17ed-cb93-4806-ac32-e303d1c86018', - OIDC_ISSUER: 'http://keycloak.localtest.me:9080', + OIDC_ISSUER: 'http://keycloak.localtest.me:9081', TOKEN_URL: - 'http://keycloak.localtest.me:9080/auth/realms/master/protocol/openid-connect/token', + 'http://keycloak.localtest.me:9081/auth/realms/master/protocol/openid-connect/token', GWA_API_URL: 'http://gwa-api.localtest.me:2000/v2', KONG_URL: 'http://kong.localtest.me:8000', JWKS_URL: 'http://cypress-jwks-url.localtest.me:3500', KONG_CONFIG_URL: 'http://kong.localtest.me:8001', BASE_URL: 'http://oauth2proxy.localtest.me:4180', - KEYCLOAK_URL: 'http://keycloak.localtest.me:9080', + KEYCLOAK_URL: 'http://keycloak.localtest.me:9081', WEBAPP_URL: 'http://html-sample-app.localtest.me:4242' }, retries: { diff --git a/e2e/cypress/fixtures/api.json b/e2e/cypress/fixtures/api.json index 41435f225..91dbdac97 100644 --- a/e2e/cypress/fixtures/api.json +++ b/e2e/cypress/fixtures/api.json @@ -197,7 +197,7 @@ "environmentDetails": [ { "environment": "dev", - "issuerUrl": "http://keycloak.localtest.me:9080/auth/realms/master", + "issuerUrl": "http://keycloak.localtest.me:9081/auth/realms/master", "clientRegistration": "managed", "clientId": "cypress-auth-profile", "clientSecret": "43badfc1-c06f-4bec-bab6-ccdc764071ac" @@ -214,7 +214,7 @@ "environmentDetails": [ { "environment": "test", - "issuerUrl": "http://keycloak.localtest.me:9080/auth/realms/master", + "issuerUrl": "http://keycloak.localtest.me:9081/auth/realms/master", "clientRegistration": "managed", "clientId": "gwa-api", "clientSecret": "18900468-3db1-43f7-a8af-e75f079eb742" 
@@ -231,7 +231,7 @@ "environmentDetails": [ { "environment": "test", - "issuerUrl": "http://keycloak.localtest.me:9080/auth/realms/master", + "issuerUrl": "http://keycloak.localtest.me:9081/auth/realms/master", "clientRegistration": "managed", "clientId": "gwa-api", "clientSecret": "18900468-3db1-43f7-a8af-e75f079eb742" @@ -251,7 +251,7 @@ "clientRegistration": "managed", "clientSecret": "****", "environment": "test", - "issuerUrl": "http://keycloak.localtest.me:9080/auth/realms/master", + "issuerUrl": "http://keycloak.localtest.me:9081/auth/realms/master", "exists": true } ], @@ -271,7 +271,7 @@ "environmentDetails": [ { "environment": "test", - "issuerUrl": "http://keycloak.localtest.me:9080/auth/realms/master", + "issuerUrl": "http://keycloak.localtest.me:9081/auth/realms/master", "clientRegistration": "managed", "clientId": "gwa-api", "clientSecret": "18900468-3db1-43f7-a8af-e75f079eb742" @@ -305,7 +305,7 @@ { "exists": true, "environment": "test", - "issuerUrl": "http://keycloak.localtest.me:9080/auth/realms/master", + "issuerUrl": "http://keycloak.localtest.me:9081/auth/realms/master", "clientRegistration": "shared-idp", "clientId": "ap-my-auth-client-secret-1-test" } diff --git a/e2e/cypress/fixtures/apiowner.json b/e2e/cypress/fixtures/apiowner.json index fdd261d0e..f78c2ef56 100644 --- a/e2e/cypress/fixtures/apiowner.json +++ b/e2e/cypress/fixtures/apiowner.json @@ -86,7 +86,7 @@ "environmentConfig": { "environment": "Development", "clientRegistration": "Managed", - "idpIssuerUrl": "http://keycloak.localtest.me:9080/auth/realms/master", + "idpIssuerUrl": "http://keycloak.localtest.me:9081/auth/realms/master", "clientId": "cypress-auth-profile", "clientSecret": "43badfc1-c06f-4bec-bab6-ccdc764071ac" } 
@@ -112,7 +112,7 @@ "environmentConfig": { "environment": "Sandbox", "clientRegistration": "Managed", - "idpIssuerUrl": "http://keycloak.localtest.me:9080/auth/realms/master", + "idpIssuerUrl": "http://keycloak.localtest.me:9081/auth/realms/master", "clientId": "cypress-auth-profile", "clientSecret": "43badfc1-c06f-4bec-bab6-ccdc764071ac" } @@ -151,7 +151,7 @@ "environmentConfig": { "environment": "Other", "clientRegistration": "Managed", - "idpIssuerUrl": "http://keycloak.localtest.me:9080/auth/realms/master", + "idpIssuerUrl": "http://keycloak.localtest.me:9081/auth/realms/master", "clientId": "invalid-auth-profile", "clientSecret": "43badfc1-c06f-4bec-bab6-1234" } @@ -182,7 +182,7 @@ "environmentConfig": { "environment": "Test", "clientRegistration": "Managed", - "idpIssuerUrl": "http://keycloak.localtest.me:9080/auth/realms/master", + "idpIssuerUrl": "http://keycloak.localtest.me:9081/auth/realms/master", "clientId": "cypress-auth-profile", "clientSecret": "43badfc1-c06f-4bec-bab6-ccdc764071ac" } @@ -261,7 +261,7 @@ "environmentConfig": { "environment": "Test", "clientRegistration": "Managed", - "idpIssuerUrl": "http://keycloak.localtest.me:9080/auth/realms/master", + "idpIssuerUrl": "http://keycloak.localtest.me:9081/auth/realms/master", "clientId": "cypress-auth-profile", "clientSecret": "43badfc1-c06f-4bec-bab6-ccdc764071ac" } 
@@ -279,6 +279,38 @@ } } }, + "protectedExternally": { + "protectedExternally_initial": { + "product": { + "name": "New-Auto Test Product", + "orgName": "Ministry of Health", + "orgUnitName": "Planning and Innovation Division", + "environment": { + "name": "test", + "config": { + "terms": "Terms of Use for API Gateway", + "authorization": "Public", + "optionalInstructions": "This is a automation test" + } + } + } + }, + "protectedExternally_external": { + "product": { + "name": "New-Auto Test Product", + "orgName": "Ministry of Health", + "orgUnitName": "Planning and Innovation Division", + "environment": { + "name": "test", + "config": { + "terms": "Terms of Use for API Gateway", + "authorization": "Protected Externally", + "optionalInstructions": "This is a automation test" + } + } + } + } + }, "namespacePreview": { "namespace": "gw-07034", "serviceAccount": { diff --git a/e2e/cypress/fixtures/credential-issuer.json b/e2e/cypress/fixtures/credential-issuer.json index 3d6a9ea9a..bc080e93b 100644 --- a/e2e/cypress/fixtures/credential-issuer.json +++ b/e2e/cypress/fixtures/credential-issuer.json @@ -18,7 +18,7 @@ "environmentConfig": { "environment": "Development", "clientRegistration": "Managed", - "idpIssuerUrl": "http://keycloak.localtest.me:9080/auth/realms/master", + "idpIssuerUrl": "http://keycloak.localtest.me:9081/auth/realms/master", "clientId": "cc-auth-profile", "clientSecret": "43badfc1-c06f-4bec-bab6-ccdc764071ac" } @@ -55,7 +55,7 @@ "environmentConfig": { "environment": "Test", "clientRegistration": "Managed", - "idpIssuerUrl": "http://keycloak.localtest.me:9080/auth/realms/master", + "idpIssuerUrl": "http://keycloak.localtest.me:9081/auth/realms/master", "clientId": "cypress-auth-profile", "clientSecret": "43badfc1-c06f-4bec-bab6-ccdc764071ac" } diff --git a/e2e/cypress/fixtures/state/regen.json b/e2e/cypress/fixtures/state/regen.json index 6636d92c9..9dc57724e 100644 --- a/e2e/cypress/fixtures/state/regen.json 
+++ b/e2e/cypress/fixtures/state/regen.json @@ -1,6 +1,6 @@ { "apikey": "qiHHqk9lIzTgP1j94nHp5C1bNVJBOWnG", "consumernumber": "B15172D9-F103D11A9A1", - "clientidsecret": "{\"clientId\": \"A7D72430-52CD37B2420\", \"clientSecret\": \"282718d8-d0c2-45a0-8885-3539f0ca5fea\", \"tokenEndpoint\": \"http://keycloak.localtest.me:9080/auth/realms/master/protocol/openid-connect/token\"}", + "clientidsecret": "{\"clientId\": \"A7D72430-52CD37B2420\", \"clientSecret\": \"282718d8-d0c2-45a0-8885-3539f0ca5fea\", \"tokenEndpoint\": \"http://keycloak.localtest.me:9081/auth/realms/master/protocol/openid-connect/token\"}", "credentials": "{\"clientId\": \"sa-ccplatform-e0000000-d339cbfcda5e\", \"clientSecret\": \"f5127730-df13-453d-ace0-a30a1255e30d\"}" } \ No newline at end of file diff --git a/e2e/cypress/fixtures/test_data/authorizationProfile.json b/e2e/cypress/fixtures/test_data/authorizationProfile.json index dd3f12bd2..8b56924b0 100644 --- a/e2e/cypress/fixtures/test_data/authorizationProfile.json +++ b/e2e/cypress/fixtures/test_data/authorizationProfile.json @@ -4,7 +4,7 @@ "environmentDetails": [ { "environment": "dev", - "issuerUrl": "http://keycloak.localtest.me:9080/auth/realms/master", + "issuerUrl": "http://keycloak.localtest.me:9081/auth/realms/master", "clientRegistration": "managed", "clientId": "cypress-auth-profile", "clientSecret": "43badfc1-c06f-4bec-bab6-ccdc764071ac" @@ -34,7 +34,7 @@ "environmentDetails": [ { "environment": "dev", - "issuerUrl": "http://keycloak.localtest.me:9080/auth/realms/master", + "issuerUrl": "http://keycloak.localtest.me:9081/auth/realms/master", "clientRegistration": "managed", "clientId": "cypress-auth-profile", "clientSecret": "43badfc1-c06f-4bec-bab6-ccdc764071ac" 
@@ -53,7 +53,7 @@ "environmentDetails": [ { "environment": "dev", - "issuerUrl": "http://keycloak.localtest.me:9080/auth/realms/master", + "issuerUrl": "http://keycloak.localtest.me:9081/auth/realms/master", "clientRegistration": "managed", "clientId": "cypress-auth-profile", "clientSecret": "43badfc1-c06f-4bec-bab6-ccdc764071ac" diff --git a/e2e/cypress/fixtures/test_data/gwa-issuer.yaml b/e2e/cypress/fixtures/test_data/gwa-issuer.yaml index fb1c7a992..534684eea 100644 --- a/e2e/cypress/fixtures/test_data/gwa-issuer.yaml +++ b/e2e/cypress/fixtures/test_data/gwa-issuer.yaml @@ -5,7 +5,7 @@ clientAuthenticator: client-secret mode: auto environmentDetails: - environment: test - issuerUrl: http://keycloak.localtest.me:9080/auth/realms/master + issuerUrl: http://keycloak.localtest.me:9081/auth/realms/master clientRegistration: managed clientId: gwa-api clientSecret: 18900468-3db1-43f7-a8af-e75f079eb742 diff --git a/e2e/cypress/pageObjects/apiDirectory.ts b/e2e/cypress/pageObjects/apiDirectory.ts index f0911e67e..0aba56503 100644 --- a/e2e/cypress/pageObjects/apiDirectory.ts +++ b/e2e/cypress/pageObjects/apiDirectory.ts @@ -24,7 +24,7 @@ class ApiDirectoryPage { cy.contains('a', product.name, { timeout: 10000 }).should('be.visible'); cy.contains(product.name).click() if (elevatedAccess) { - cy.contains('For elevated access, please Request Access').should('be.visible'); + cy.contains('For elevated access, please request acces').should('be.visible'); } cy.get(this.rqstAccessBtn).click() cy.get(this.appSelect).select(app.name) @@ -106,6 +106,12 @@ class ApiDirectoryPage { }) } + checkProductIcon(productName: string, expectedIcon: string) { + const pname: string = productName.toLowerCase().replaceAll(' ', '-') + var ele: string = `[data-testid=product-icon-${pname}-${expectedIcon}]` + cy.get(ele).should('exist') + } + addOrganizationAndOrgUnit(product: any) { cy.contains('button', 'Add Organization').click({ force: true }) cy.get(this.orgDropDown).select(product.orgName) 
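Review bot: The expected text `'For elevated access, please request acces'` in the `elevatedAccess` branch ends mid-word. `cy.contains` matches substrings, so the assertion passes, but it reads as a typo and invites a "fix" that may break the test if the truncation was chosen to match around a nested element or a casing difference. Either add a comment such as `// partial match on purpose: <reason>`, or match case-insensitively with `cy.contains(/for elevated access, please request access/i)` if the full sentence lives in one element. The enclosing method starts and ends outside the hunk.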
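Review bot: In the new `checkProductIcon`, the `data-testid` value is interpolated into the selector unquoted, so a product name containing anything other than letters, digits and hyphens after the space replacement produces an invalid or different selector; quote it as `[data-testid="product-icon-${pname}-${expectedIcon}"]`. `var ele: string` should be `const ele`, and both `: string` annotations are redundant because the types are inferred. `replaceAll` needs an ES2021 `lib` target in `e2e/tsconfig.json`, which is not visible here; `replace(/ /g, '-')` avoids that dependency. A one-line doc comment stating the `product-icon-<kebab-name>-<icon>` test-id convention would help the next person writing a spec.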
diff --git a/e2e/cypress/support/auth-commands.ts b/e2e/cypress/support/auth-commands.ts index ee920d741..65263d7ff 100644 --- a/e2e/cypress/support/auth-commands.ts +++ b/e2e/cypress/support/auth-commands.ts @@ -91,7 +91,6 @@ Cypress.Commands.add('resetCredential', (accessRole: string) => { const login = new LoginPage() const home = new HomePage() const na = new NamespaceAccessPage() - cy.deleteAllCookies() cy.visit('/') cy.reload() cy.fixture('apiowner').as('apiowner') @@ -117,7 +116,6 @@ Cypress.Commands.add('getUserSessionTokenValue', (namespace: string, isNamespace const home = new HomePage() const na = new NamespaceAccessPage() let userSession: string - cy.deleteAllCookies() cy.visit('/') cy.reload() cy.fixture('apiowner').as('apiowner') @@ -201,8 +199,10 @@ Cypress.Commands.add('logout', () => { cy.log('< Logging out') cy.getSession().then(() => { cy.get('@session').then((res: any) => { + cy.visit('/') + cy.wait(3000) cy.get('[data-testid=auth-menu-user]').click({ force: true }) - cy.contains('Logout').click() + cy.get('[data-testid=auth-menu-signout-btn]').click({ force: true }) }) }) cy.log('> Logging out') diff --git a/e2e/cypress/tests/01-api-key/01-create-api.cy.ts b/e2e/cypress/tests/01-api-key/01-create-api.cy.ts index 9fe06b03c..63d3d589e 100644 --- a/e2e/cypress/tests/01-api-key/01-create-api.cy.ts +++ b/e2e/cypress/tests/01-api-key/01-create-api.cy.ts @@ -4,7 +4,7 @@ import Products from '../../pageObjects/products' import ServiceAccountsPage from '../../pageObjects/serviceAccounts' -describe('Create API Spec', () => { +describe('Create API Spec', () => { const login = new LoginPage() const home = new HomePage() const sa = new ServiceAccountsPage() @@ -14,9 +14,9 @@ describe('Create API Spec', () => { before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() + cy.reload(true) cy.resetState() + cy.deleteAllCookies() }) beforeEach(() => { 
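Review bot: The `logout` command now relies on `cy.wait(3000)` and two `click({ force: true })` calls, which skip Cypress's actionability checks, so the command can complete without the user being signed out. That matters more after this commit, because several specs drop `cy.clearLocalStorage` and `cy.deleteAllCookies` from their `after()` hooks and `cy.logout()` becomes the only teardown between users with different roles. Replace the sleep with a retried assertion such as `cy.get('[data-testid=auth-menu-user]').should('be.visible')`, and assert the outcome after the sign-out click, for example `cy.get('[data-testid=auth-menu-user]').should('not.exist')` (selector assumed; use whatever the signed-out page shows). The command body continues past the end of the hunk.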
@@ -180,7 +180,5 @@ it('Verify gwa gateway publish multiple config file', () => { after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) diff --git a/e2e/cypress/tests/01-api-key/03-request-access-inactive-env.cy.ts b/e2e/cypress/tests/01-api-key/03-request-access-inactive-env.cy.ts index 20479b2a8..5b9ca7ba5 100644 --- a/e2e/cypress/tests/01-api-key/03-request-access-inactive-env.cy.ts +++ b/e2e/cypress/tests/01-api-key/03-request-access-inactive-env.cy.ts @@ -15,7 +15,7 @@ describe('Change an Active environment to Inactive', () => { before(() => { cy.visit('/') cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { @@ -48,8 +48,6 @@ describe('Change an Active environment to Inactive', () => { after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) @@ -60,13 +58,12 @@ describe('Verify enactive environment in rrequest access pop up', () => { before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() }) beforeEach(() => { cy.preserveCookies() cy.fixture('developer').as('developer') + Cypress.session.clearAllSavedSessions() // cy.visit(login.path) }) @@ -96,8 +93,12 @@ describe('Verify enactive environment in rrequest access pop up', () => { after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() + // cy.clearLocalStorage({ log: true }) + // cy.deleteAllCookies() + // Cypress.session.clearAllSavedSessions() + // cy.clearCookie('_oauth2_proxy') + // cy.clearCookie('keystone.sid') + // debugger }) }) @@ -108,9 +109,12 @@ describe('Change an the environment back to active', () => { const pd = new Products() before(() => { + debugger + // cy.clearAllSessionStorage({log: true}) cy.visit('/') - cy.deleteAllCookies() - cy.reload() + // cy.deleteAllCookies() + // cy.clearCookies() + // cy.reload(true) }) beforeEach(() => { 
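Review bot: A `debugger` statement is committed at the top of `before()` in 'Change an the environment back to active', and the same statement appears in the 'Navigate to Products Page' test of this file and in the `cy.exec` callback of `01-client-cred-team-access.cy.ts`. They do nothing in a headless run but pause every interactive run with DevTools open, so they should be removed before merge. The cookie and session cleanup lines that this file now carries as comments (`// cy.deleteAllCookies()`, `// cy.clearCookie('_oauth2_proxy')`, `// cy.clearCookie('keystone.sid')` and so on) should either be deleted or replaced by one comment stating why session state is intentionally kept between these `describe` blocks. The `before()` body continues outside the hunk.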
@@ -131,6 +135,7 @@ describe('Change an the environment back to active', () => { }) it('Navigate to Products Page', () => { + debugger cy.visit(pd.path) }) @@ -143,7 +148,7 @@ describe('Change an the environment back to active', () => { after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() + // cy.clearLocalStorage({ log: true }) + // cy.deleteAllCookies() }) }) \ No newline at end of file diff --git a/e2e/cypress/tests/01-api-key/04-request-access-with-out-collecting-credentials.cy.ts b/e2e/cypress/tests/01-api-key/04-request-access-with-out-collecting-credentials.cy.ts index 4eb63eb4c..20ec0de6f 100644 --- a/e2e/cypress/tests/01-api-key/04-request-access-with-out-collecting-credentials.cy.ts +++ b/e2e/cypress/tests/01-api-key/04-request-access-with-out-collecting-credentials.cy.ts @@ -11,8 +11,7 @@ describe('Request Access without colleting credential Spec', () => { before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { @@ -39,7 +38,5 @@ describe('Request Access without colleting credential Spec', () => { after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) diff --git a/e2e/cypress/tests/01-api-key/07-approve-pending-rqst.cy.ts b/e2e/cypress/tests/01-api-key/07-approve-pending-rqst.cy.ts index d48bc2e33..d20c171f1 100644 --- a/e2e/cypress/tests/01-api-key/07-approve-pending-rqst.cy.ts +++ b/e2e/cypress/tests/01-api-key/07-approve-pending-rqst.cy.ts @@ -11,7 +11,7 @@ describe('Approve Pending Request Spec', () => { before(() => { cy.visit('/') cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { @@ -72,8 +72,6 @@ describe('Approve Pending Request Spec', () => { }) after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) diff --git a/e2e/cypress/tests/01-api-key/08-grant-access.cy.ts b/e2e/cypress/tests/01-api-key/08-grant-access.cy.ts index 238af646d..b405ae971 100644 
--- a/e2e/cypress/tests/01-api-key/08-grant-access.cy.ts +++ b/e2e/cypress/tests/01-api-key/08-grant-access.cy.ts @@ -11,7 +11,7 @@ describe('Grant Access Spec', () => { before(() => { cy.visit('/') cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { diff --git a/e2e/cypress/tests/02-client-credential-flow/01-client-cred-team-access.cy.ts b/e2e/cypress/tests/02-client-credential-flow/01-client-cred-team-access.cy.ts index c0ba4af3a..29b770c58 100644 --- a/e2e/cypress/tests/02-client-credential-flow/01-client-cred-team-access.cy.ts +++ b/e2e/cypress/tests/02-client-credential-flow/01-client-cred-team-access.cy.ts @@ -13,7 +13,7 @@ describe('Grant appropriate permissions to team members for client credential fl before(() => { cy.visit('/') cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { @@ -39,7 +39,8 @@ describe('Grant appropriate permissions to team members for client credential fl it('create namespace using gwa cli command', () => { var cleanedUrl = Cypress.env('BASE_URL').replace(/^http?:\/\//i, ""); - cy.exec('gwa namespace create --host ' + cleanedUrl + ' --scheme http', { timeout: 3000, failOnNonZeroExit: false }).then((response) => { + cy.exec('gwa namespace create --generate --host ' + cleanedUrl + ' --scheme http', { timeout: 5000, failOnNonZeroExit: false }).then((response) => { + debugger assert.isNotNaN(response.stdout) namespace = response.stdout cy.replaceWordInJsonObject('ccplatform', namespace, 'cc-service-gwa.yml') diff --git a/e2e/cypress/tests/02-client-credential-flow/02-create_authorizarion_profile.cy.ts b/e2e/cypress/tests/02-client-credential-flow/02-create_authorizarion_profile.cy.ts index e7b0ec4db..117465051 100644 --- a/e2e/cypress/tests/02-client-credential-flow/02-create_authorizarion_profile.cy.ts +++ b/e2e/cypress/tests/02-client-credential-flow/02-create_authorizarion_profile.cy.ts 
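Review bot: With `failOnNonZeroExit: false` on the changed `cy.exec` line, a failing `gwa namespace create --generate` does not fail the test, and the following `assert.isNotNaN(response.stdout)` cannot catch it because a string is never NaN. An empty or error output would then be written into `cc-service-gwa.yml` as the namespace. I would drop the option, or keep it and assert on the result, e.g. `expect(response.stdout.trim(), 'namespace from gwa cli').to.not.be.empty`. Separately, `cleanedUrl` is concatenated unquoted into the shell string, so a `BASE_URL` value containing spaces or shell metacharacters would change the command that runs. The `it` callback continues outside this hunk.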
@@ -12,7 +12,7 @@ describe('Generate Authorization Profiles', () => { before(() => { cy.visit('/') cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { @@ -81,7 +81,5 @@ describe('Generate Authorization Profiles', () => { after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) \ No newline at end of file diff --git a/e2e/cypress/tests/02-client-credential-flow/05-cids-access-approve-api-rqst.cy.ts b/e2e/cypress/tests/02-client-credential-flow/05-cids-access-approve-api-rqst.cy.ts index 37c0be416..7c2b38156 100644 --- a/e2e/cypress/tests/02-client-credential-flow/05-cids-access-approve-api-rqst.cy.ts +++ b/e2e/cypress/tests/02-client-credential-flow/05-cids-access-approve-api-rqst.cy.ts @@ -13,8 +13,7 @@ describe('Access manager approves developer access request for Client ID/Secret before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { @@ -51,8 +50,6 @@ describe('Access manager approves developer access request for Client ID/Secret after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) 
@@ -80,219 +77,4 @@ describe('Make an API request using Client ID, Secret, and Access Token', () => }) }) }) -}) - -describe('Verify the selected client scoped is displayed in assigned default list', () => { - const clientScopes = new keycloakClientScopesPage() - const groups = new keycloakGroupPage() - var nameSpace: string - const home = new HomePage() - const authProfile = new AuthorizationProfile() - - before(() => { - cy.visit(Cypress.env('KEYCLOAK_URL')) - cy.deleteAllCookies() - cy.reload() - }) - - beforeEach(() => { - cy.preserveCookies() - cy.fixture('developer').as('developer') - cy.fixture('apiowner').as('apiowner') - cy.fixture('state/regen').as('regen') - cy.fixture('admin').as('admin') - }) - - it('Authenticates Admin owner', () => { - cy.get('@admin').then(({ user }: any) => { - cy.contains('Administration Console').click({ force: true }) - cy.keycloakLogin(user.credentials.username, user.credentials.password) - }) - }) - - it('Navigate to Clients page', () => { - cy.contains('Clients').click() - }) - - it('Select the consumer ID', () => { - cy.readFile('cypress/fixtures/state/store.json').then((store_res) => { - let cc = JSON.parse(store_res.clientidsecret) - cy.contains(cc.clientId).click() - }) - }) - - it('Navigate to client scope tab', () => { - clientScopes.selectTab('Client Scopes') - }) - - it('Verify that "System.Write" scope is in assigned default scope', () => { - clientScopes.verifyAssignedScope('System.Write', true) - }) - - after(() => { - cy.keycloakLogout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() - }) - -}) - -describe('Deselect the scope from authorization tab', () => { - const login = new LoginPage() - const home = new HomePage() - const consumers = new ConsumersPage() - - before(() => { - cy.visit('/') - cy.deleteAllCookies() - cy.reload() - }) - - beforeEach(() => { - cy.preserveCookies() - cy.fixture('access-manager').as('access-manager') - cy.fixture('apiowner').as('apiowner') - 
cy.fixture('manage-control-config-setting').as('manage-control-config-setting') - cy.fixture('common-testdata').as('common-testdata') - // cy.visit(login.path) - }) - - it('authenticates Mark (Access Manager)', () => { - cy.get('@access-manager').then(({ user }: any) => { - cy.get('@common-testdata').then(({ clientCredentials }: any) => { - cy.login(user.credentials.username, user.credentials.password).then(() => { - home.useNamespace(clientCredentials.namespace); - }) - }) - }) - }) - - it('Navigate to Consumer page ', () => { - cy.visit(consumers.path); - }) - - it('Select the consumer from the list ', () => { - consumers.clickOnTheFirstConsumerID() - }) - - it('Deselect scopes in Authorization Tab', () => { - cy.get('@apiowner').then(({ clientCredentials }: any) => { - consumers.editConsumerDialog() - consumers.selectAuthorizationScope(clientCredentials.clientIdSecret.authProfile.scopes, false) - consumers.saveAppliedConfig() - }) - }) -}) - -describe('Verify the selected client scoped is not displayed in assigned default list', () => { - const clientScopes = new keycloakClientScopesPage() - const groups = new keycloakGroupPage() - var nameSpace: string - const home = new HomePage() - const authProfile = new AuthorizationProfile() - - before(() => { - cy.visit(Cypress.env('KEYCLOAK_URL')) - cy.deleteAllCookies() - cy.reload() - }) - - beforeEach(() => { - cy.preserveCookies() - cy.fixture('developer').as('developer') - cy.fixture('apiowner').as('apiowner') - cy.fixture('state/regen').as('regen') - cy.fixture('admin').as('admin') - }) - - it('Authenticates Admin owner', () => { - cy.get('@admin').then(({ user }: any) => { - cy.contains('Administration Console').click({ force: true }) - cy.keycloakLogin(user.credentials.username, user.credentials.password) - }) - }) - - it('Navigate to Clients page', () => { - cy.contains('Clients').click() - }) - - it('Select the consumer ID', () => { - cy.readFile('cypress/fixtures/state/store.json').then((store_res) => { - let 
cc = JSON.parse(store_res.clientidsecret) - cy.contains(cc.clientId).click() - }) - }) - - it('Navigate to client scope tab', () => { - clientScopes.selectTab('Client Scopes') - }) - - it('Verify that "System.Write" scope is not in assigned default scope', () => { - clientScopes.verifyAssignedScope('System.Write', false) - }) - - after(() => { - cy.keycloakLogout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() - }) - -}) - -// describe('Revoke product environment access for Client Credential authorization spec', () => { -// const login = new LoginPage() -// const consumers = new ConsumersPage() -// const home = new HomePage() - -// before(() => { -// cy.visit('/') -// cy.deleteAllCookies() -// cy.reload() -// }) - -// beforeEach(() => { -// cy.preserveCookies() -// cy.fixture('access-manager').as('access-manager') -// cy.fixture('apiowner').as('apiowner') -// cy.fixture('developer').as('developer') -// cy.fixture('state/store').as('store') -// }) - -// it('authenticates Mark (Access-Manager)', () => { -// cy.get('@apiowner').then(({ clientCredentials }: any) => { -// cy.get('@access-manager').then(({ user }: any) => { -// cy.login(user.credentials.username, user.credentials.password) -// home.useNamespace(clientCredentials.namespace); -// }) -// }) -// }) - -// it('Navigate to Consumer page and filter the product', () => { -// cy.get('@apiowner').then(({ clientCredentials }: any) => { -// cy.visit(consumers.path); -// let product = clientCredentials.clientIdSecret.product -// consumers.filterConsumerByTypeAndValue('Products', product.name) -// }) -// }) - -// it('Click on the first consumer', () => { -// consumers.clickOnTheFirstConsumerID() -// }) - -// it('Revoke access for Test environment', () => { -// cy.wait(1000) -// consumers.revokeProductEnvAccess('Test') -// }) - -// it('Verify the confirmation message once the access is revoked', () => { -// cy.verifyToastMessage("Product Revoked") -// }) - - -// after(() => { -// cy.logout() -// 
cy.clearLocalStorage({ log: true }) -// cy.deleteAllCookies() -// }) - -// }) \ No newline at end of file +}) \ No newline at end of file diff --git a/e2e/cypress/tests/02-client-credential-flow/06-client-scope-in-keycloak.ts b/e2e/cypress/tests/02-client-credential-flow/06-client-scope-in-keycloak.ts new file mode 100644 index 000000000..4dd9351cc --- /dev/null +++ b/e2e/cypress/tests/02-client-credential-flow/06-client-scope-in-keycloak.ts 
@@ -0,0 +1,59 @@
+import HomePage from '../../pageObjects/home'
+import LoginPage from '../../pageObjects/login'
+import ConsumersPage from '../../pageObjects/consumers'
+import KeycloakUserGroupPage from '../../pageObjects/keycloakUserGroup'
+import keycloakGroupPage from '../../pageObjects/keycloakGroup'
+import AuthorizationProfile from '../../pageObjects/authProfile'
+import keycloakClientScopesPage from '../../pageObjects/keycloakClientScopes'
+
+describe('Verify the selected client scoped is displayed in assigned default list', () => {
+ const clientScopes = new keycloakClientScopesPage()
+ const groups = new keycloakGroupPage()
+ var nameSpace: string
+ const home = new HomePage()
+ const authProfile = new AuthorizationProfile()
+
+ before(() => {
+ cy.visit(Cypress.env('KEYCLOAK_URL'))
+ cy.reload(true)
+ })
+
+ beforeEach(() => {
+ cy.preserveCookies()
+ cy.fixture('developer').as('developer')
+ cy.fixture('apiowner').as('apiowner')
+ cy.fixture('state/regen').as('regen')
+ cy.fixture('admin').as('admin')
+ })
+
+ it('Authenticates Admin owner', () => {
+ cy.get('@admin').then(({ user }: any) => {
+ cy.contains('Administration Console').click({ force: true })
+ cy.keycloakLogin(user.credentials.username, user.credentials.password)
+ })
+ })
+
+ it('Navigate to Clients page', () => {
+ cy.contains('Clients').click()
+ })
+
+ it('Select the consumer ID', () => {
+ cy.readFile('cypress/fixtures/state/store.json').then((store_res) => {
+ let cc = JSON.parse(store_res.clientidsecret)
+ cy.contains(cc.clientId).click()
+ })
+ })
+
+ it('Navigate to client scope tab', () => {
+ clientScopes.selectTab('Client Scopes')
+ })
+
+ it('Verify that "System.Write" scope is in assigned default scope', () => {
+ clientScopes.verifyAssignedScope('System.Write', true)
+ })
+
+ after(() => {
+ cy.keycloakLogout()
+ })
+
+})
\ No newline at end of file
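Review bot: This new spec and the two that follow (07-deselect-scope.ts and 08-verify-client-scope-in-default-list.ts) are named without the `.cy.ts` suffix that the other files in 02-client-credential-flow carry. If the project's `specPattern` (not visible in this diff) matches only `*.cy.ts`, these scope-assignment checks would silently stop running now that they have been moved out of 05-cids-access-approve-api-rqst.cy.ts. Please confirm they are picked up, or rename them to `06-client-scope-in-keycloak.cy.ts` and so on. The file also declares locals that are never used (`groups`, `nameSpace`, `home`, `authProfile`) and imports `LoginPage`, `ConsumersPage` and `KeycloakUserGroupPage` without referencing them; the same leftovers appear in the other two new files and can be deleted.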
diff --git a/e2e/cypress/tests/02-client-credential-flow/07-deselect-scope.ts b/e2e/cypress/tests/02-client-credential-flow/07-deselect-scope.ts new file mode 100644 index 000000000..42f58f8b6 --- /dev/null +++ b/e2e/cypress/tests/02-client-credential-flow/07-deselect-scope.ts 
@@ -0,0 +1,56 @@
+import HomePage from '../../pageObjects/home'
+import LoginPage from '../../pageObjects/login'
+import ConsumersPage from '../../pageObjects/consumers'
+import KeycloakUserGroupPage from '../../pageObjects/keycloakUserGroup'
+import keycloakGroupPage from '../../pageObjects/keycloakGroup'
+import AuthorizationProfile from '../../pageObjects/authProfile'
+import keycloakClientScopesPage from '../../pageObjects/keycloakClientScopes'
+
+describe('Deselect the scope from authorization tab', () => {
+ const login = new LoginPage()
+ const home = new HomePage()
+ const consumers = new ConsumersPage()
+
+ before(() => {
+ cy.visit('/')
+ cy.reload(true)
+ })
+
+ beforeEach(() => {
+ cy.preserveCookies()
+ cy.fixture('access-manager').as('access-manager')
+ cy.fixture('apiowner').as('apiowner')
+ cy.fixture('manage-control-config-setting').as('manage-control-config-setting')
+ cy.fixture('common-testdata').as('common-testdata')
+ // cy.visit(login.path)
+ })
+
+ it('authenticates Mark (Access Manager)', () => {
+ cy.get('@access-manager').then(({ user }: any) => {
+ cy.get('@common-testdata').then(({ clientCredentials }: any) => {
+ cy.login(user.credentials.username, user.credentials.password).then(() => {
+ home.useNamespace(clientCredentials.namespace);
+ })
+ })
+ })
+ })
+
+ it('Navigate to Consumer page ', () => {
+ cy.visit(consumers.path);
+ })
+
+ it('Select the consumer from the list ', () => {
+ consumers.clickOnTheFirstConsumerID()
+ })
+
+ it('Deselect scopes in Authorization Tab', () => {
+ cy.get('@apiowner').then(({ clientCredentials }: any) => {
+ consumers.editConsumerDialog()
+ consumers.selectAuthorizationScope(clientCredentials.clientIdSecret.authProfile.scopes, false)
+ consumers.saveAppliedConfig()
+ })
+ })
+ after(() => {
+ cy.logout()
+ })
+})
\ No newline at end of file
diff --git a/e2e/cypress/tests/02-client-credential-flow/08-verify-client-scope-in-default-list.ts b/e2e/cypress/tests/02-client-credential-flow/08-verify-client-scope-in-default-list.ts new file mode 100644 index 000000000..221c38808 --- /dev/null +++ b/e2e/cypress/tests/02-client-credential-flow/08-verify-client-scope-in-default-list.ts 
@@ -0,0 +1,117 @@ +import HomePage from '../../pageObjects/home' +import LoginPage from '../../pageObjects/login' +import ConsumersPage from '../../pageObjects/consumers' +import KeycloakUserGroupPage from '../../pageObjects/keycloakUserGroup' +import keycloakGroupPage from '../../pageObjects/keycloakGroup' +import AuthorizationProfile from '../../pageObjects/authProfile' +import keycloakClientScopesPage from '../../pageObjects/keycloakClientScopes' + +describe('Verify the selected client scoped is not displayed in assigned default list', () => { + const clientScopes = new keycloakClientScopesPage() + const groups = new keycloakGroupPage() + var nameSpace: string + const home = new HomePage() + const authProfile = new AuthorizationProfile() + + before(() => { + cy.visit(Cypress.env('KEYCLOAK_URL')) + cy.reload(true) + }) + + beforeEach(() => { + cy.preserveCookies() + cy.fixture('developer').as('developer') + cy.fixture('apiowner').as('apiowner') + cy.fixture('state/regen').as('regen') + cy.fixture('admin').as('admin') + }) + + it('Authenticates Admin owner', () => { + cy.get('@admin').then(({ user }: any) => { + cy.contains('Administration Console').click({ force: true }) + cy.keycloakLogin(user.credentials.username, user.credentials.password) + }) + }) + + it('Navigate to Clients page', () => { + cy.contains('Clients').click() + }) + + it('Select the consumer ID', () => { + cy.readFile('cypress/fixtures/state/store.json').then((store_res) => { + let cc = JSON.parse(store_res.clientidsecret) + cy.contains(cc.clientId).click() + }) + }) + + it('Navigate to client scope tab', () => { + clientScopes.selectTab('Client Scopes') + }) + + it('Verify that "System.Write" scope is not in assigned default scope', () => { + clientScopes.verifyAssignedScope('System.Write', false) + }) + + after(() => { + cy.keycloakLogout() + }) + +}) + +// describe('Revoke product environment access for Client Credential authorization spec', () => { +// const login = new LoginPage() +// const 
consumers = new ConsumersPage() +// const home = new HomePage() + +// before(() => { +// cy.visit('/') +// cy.deleteAllCookies() +// cy.reload(true) +// }) + +// beforeEach(() => { +// cy.preserveCookies() +// cy.fixture('access-manager').as('access-manager') +// cy.fixture('apiowner').as('apiowner') +// cy.fixture('developer').as('developer') +// cy.fixture('state/store').as('store') +// }) + +// it('authenticates Mark (Access-Manager)', () => { +// cy.get('@apiowner').then(({ clientCredentials }: any) => { +// cy.get('@access-manager').then(({ user }: any) => { +// cy.login(user.credentials.username, user.credentials.password) +// home.useNamespace(clientCredentials.namespace); +// }) +// }) +// }) + +// it('Navigate to Consumer page and filter the product', () => { +// cy.get('@apiowner').then(({ clientCredentials }: any) => { +// cy.visit(consumers.path); +// let product = clientCredentials.clientIdSecret.product +// consumers.filterConsumerByTypeAndValue('Products', product.name) +// }) +// }) + +// it('Click on the first consumer', () => { +// consumers.clickOnTheFirstConsumerID() +// }) + +// it('Revoke access for Test environment', () => { +// cy.wait(1000) +// consumers.revokeProductEnvAccess('Test') +// }) + +// it('Verify the confirmation message once the access is revoked', () => { +// cy.verifyToastMessage("Product Revoked") +// }) + + +// after(() => { +// cy.logout() +// cy.clearLocalStorage({ log: true }) +// cy.deleteAllCookies() +// }) + +// }) \ No newline at end of file diff --git a/e2e/cypress/tests/02-client-credential-flow/06-jwt-genkp-access-rqst.cy.ts b/e2e/cypress/tests/02-client-credential-flow/09-jwt-genkp-access-rqst.cy.ts similarity index 93% rename from e2e/cypress/tests/02-client-credential-flow/06-jwt-genkp-access-rqst.cy.ts rename to e2e/cypress/tests/02-client-credential-flow/09-jwt-genkp-access-rqst.cy.ts index 9277a03a9..9fc3f23f0 100644 --- a/e2e/cypress/tests/02-client-credential-flow/06-jwt-genkp-access-rqst.cy.ts 
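Review bot: The second half of the new 08-verify-client-scope-in-default-list.ts is a fully commented-out describe ('Revoke product environment access for Client Credential authorization spec') carried over as dead code. A disabled access-revocation test that looks present is easy to mistake for coverage. Delete the block, or keep it as real code under `describe.skip(...)` with a one-line comment such as `// disabled: <reason or ticket>`, so the gap shows up in test reports.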
+++ b/e2e/cypress/tests/02-client-credential-flow/09-jwt-genkp-access-rqst.cy.ts @@ -11,8 +11,7 @@ describe('Developer creates an access request for JWT Generated Key Pair authent before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { @@ -53,7 +52,5 @@ describe('Developer creates an access request for JWT Generated Key Pair authent after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) diff --git a/e2e/cypress/tests/02-client-credential-flow/07-jwt-genkp-access-approve-api-rqst.cy.ts b/e2e/cypress/tests/02-client-credential-flow/10-jwt-genkp-access-approve-api-rqst.cy.ts similarity index 96% rename from e2e/cypress/tests/02-client-credential-flow/07-jwt-genkp-access-approve-api-rqst.cy.ts rename to e2e/cypress/tests/02-client-credential-flow/10-jwt-genkp-access-approve-api-rqst.cy.ts index 140eb982e..6bc97f8ee 100644 --- a/e2e/cypress/tests/02-client-credential-flow/07-jwt-genkp-access-approve-api-rqst.cy.ts +++ b/e2e/cypress/tests/02-client-credential-flow/10-jwt-genkp-access-approve-api-rqst.cy.ts @@ -11,8 +11,7 @@ describe('Access manager approves developer access request for JWT - Generated K before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { @@ -45,8 +44,6 @@ describe('Access manager approves developer access request for JWT - Generated K after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) diff --git a/e2e/cypress/tests/02-client-credential-flow/08-jwks-url-gen-keys-access-rqst.cy.ts b/e2e/cypress/tests/02-client-credential-flow/11-jwks-url-gen-keys-access-rqst.cy.ts similarity index 95% rename from e2e/cypress/tests/02-client-credential-flow/08-jwks-url-gen-keys-access-rqst.cy.ts rename to e2e/cypress/tests/02-client-credential-flow/11-jwks-url-gen-keys-access-rqst.cy.ts index 3ab5a3929..1748f02ea 100644 
--- a/e2e/cypress/tests/02-client-credential-flow/08-jwks-url-gen-keys-access-rqst.cy.ts +++ b/e2e/cypress/tests/02-client-credential-flow/11-jwks-url-gen-keys-access-rqst.cy.ts @@ -39,8 +39,7 @@ describe('Developer creates an access request for JWKS URL', () => { before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { @@ -80,7 +79,5 @@ describe('Developer creates an access request for JWKS URL', () => { after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) \ No newline at end of file diff --git a/e2e/cypress/tests/02-client-credential-flow/09-jwks-url-access-approval-api-rqst.cy.ts b/e2e/cypress/tests/02-client-credential-flow/12-jwks-url-access-approval-api-rqst.cy.ts similarity index 96% rename from e2e/cypress/tests/02-client-credential-flow/09-jwks-url-access-approval-api-rqst.cy.ts rename to e2e/cypress/tests/02-client-credential-flow/12-jwks-url-access-approval-api-rqst.cy.ts index a46bf0002..6350d1f99 100644 --- a/e2e/cypress/tests/02-client-credential-flow/09-jwks-url-access-approval-api-rqst.cy.ts +++ b/e2e/cypress/tests/02-client-credential-flow/12-jwks-url-access-approval-api-rqst.cy.ts @@ -12,8 +12,7 @@ describe('Access manager approves developer access request for JWKS URL flow', ( before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { @@ -46,8 +45,6 @@ describe('Access manager approves developer access request for JWKS URL flow', ( after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) 
diff --git a/e2e/cypress/tests/02-client-credential-flow/10-jwks-publicKey-access-rqst.cy.ts b/e2e/cypress/tests/02-client-credential-flow/13-jwks-publicKey-access-rqst.cy.ts similarity index 95% rename from e2e/cypress/tests/02-client-credential-flow/10-jwks-publicKey-access-rqst.cy.ts rename to e2e/cypress/tests/02-client-credential-flow/13-jwks-publicKey-access-rqst.cy.ts index 798fdaef3..6895839cc 100644 --- a/e2e/cypress/tests/02-client-credential-flow/10-jwks-publicKey-access-rqst.cy.ts +++ b/e2e/cypress/tests/02-client-credential-flow/13-jwks-publicKey-access-rqst.cy.ts @@ -13,8 +13,7 @@ describe('Generates public/private key and set public key to access request', () before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { @@ -71,7 +70,5 @@ describe('Generates public/private key and set public key to access request', () after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) \ No newline at end of file diff --git a/e2e/cypress/tests/02-client-credential-flow/11-jwt-publlicKey-access-approve-api-rqst.cy.ts b/e2e/cypress/tests/02-client-credential-flow/14-jwt-publlicKey-access-approve-api-rqst.cy.ts similarity index 96% rename from e2e/cypress/tests/02-client-credential-flow/11-jwt-publlicKey-access-approve-api-rqst.cy.ts rename to e2e/cypress/tests/02-client-credential-flow/14-jwt-publlicKey-access-approve-api-rqst.cy.ts index aa58e9d32..f9ee17ad9 100644 --- a/e2e/cypress/tests/02-client-credential-flow/11-jwt-publlicKey-access-approve-api-rqst.cy.ts +++ b/e2e/cypress/tests/02-client-credential-flow/14-jwt-publlicKey-access-approve-api-rqst.cy.ts @@ -11,8 +11,7 @@ describe('Access manager approves developer access request for JWT - Generated K before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { 
@@ -46,8 +45,6 @@ describe('Access manager approves developer access request for JWT - Generated K after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) diff --git a/e2e/cypress/tests/03-manage-labels/02-approve-pending-rqst-for-labels.spec.cy.ts b/e2e/cypress/tests/03-manage-labels/02-approve-pending-rqst-for-labels.spec.cy.ts index 8acba76ce..7ff4da239 100644 --- a/e2e/cypress/tests/03-manage-labels/02-approve-pending-rqst-for-labels.spec.cy.ts +++ b/e2e/cypress/tests/03-manage-labels/02-approve-pending-rqst-for-labels.spec.cy.ts @@ -11,7 +11,7 @@ describe('Approve Pending Request Spec', () => { before(() => { cy.visit('/') cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { @@ -64,8 +64,6 @@ describe('Approve Pending Request Spec', () => { after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) diff --git a/e2e/cypress/tests/05-migrate-user/01-migrate-user-access.cy.ts b/e2e/cypress/tests/05-migrate-user/01-migrate-user-access.cy.ts index bd817ab6e..29600e05e 100644 --- a/e2e/cypress/tests/05-migrate-user/01-migrate-user-access.cy.ts +++ b/e2e/cypress/tests/05-migrate-user/01-migrate-user-access.cy.ts @@ -10,8 +10,6 @@ describe('Assign Access to existing user Spec', () => { before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() }) beforeEach(() => { @@ -45,8 +43,6 @@ describe('Assign Access to existing user Spec', () => { after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) @@ -57,8 +53,6 @@ describe('Authernticate with old user to initiate migration', () => { before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() }) beforeEach(() => { @@ -81,8 +75,6 @@ describe('Authernticate with old user to initiate migration', () => { after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) 
@@ -94,8 +86,6 @@ describe('Verify that permission of old user is migrated to new user', () => { before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() }) beforeEach(() => { @@ -138,8 +128,6 @@ describe('Verify that permission of old user is migrated to new user', () => { after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) @@ -151,8 +139,6 @@ describe('Verify that old user is no longer able to sign in', () => { before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() }) beforeEach(() => { @@ -174,7 +160,5 @@ describe('Verify that old user is no longer able to sign in', () => { }) after(() => { - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) diff --git a/e2e/cypress/tests/06-refresh-credential/02-client-credentials.cy.ts b/e2e/cypress/tests/06-refresh-credential/02-client-credentials.cy.ts index 327508156..e7a10e6e4 100644 --- a/e2e/cypress/tests/06-refresh-credential/02-client-credentials.cy.ts +++ b/e2e/cypress/tests/06-refresh-credential/02-client-credentials.cy.ts @@ -13,7 +13,7 @@ import MyAccessPage from '../../pageObjects/myAccess' // before(() => { // cy.visit('/') // cy.deleteAllCookies() -// cy.reload() +// cy.reload(true) // }) // beforeEach(() => { @@ -69,7 +69,7 @@ describe('Regenerate Credential for Client Credentials- Client ID/Secret', () => before(() => { cy.visit('/') cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { diff --git a/e2e/cypress/tests/07-manage-control/01-ip-restriction.cy.ts b/e2e/cypress/tests/07-manage-control/01-ip-restriction.cy.ts index 2aeeb2f6e..4ea8283dc 100644 --- a/e2e/cypress/tests/07-manage-control/01-ip-restriction.cy.ts +++ b/e2e/cypress/tests/07-manage-control/01-ip-restriction.cy.ts @@ -9,8 +9,6 @@ describe('Manage Control-IP Restriction Spec', () => { before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() }) beforeEach(() => { 
@@ -226,7 +224,5 @@ describe('Manage Control -Apply IP Restriction to Global and Consumer at Route l after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) \ No newline at end of file diff --git a/e2e/cypress/tests/07-manage-control/02-rate-limiting.cy.ts b/e2e/cypress/tests/07-manage-control/02-rate-limiting.cy.ts index c73464263..e7296070e 100644 --- a/e2e/cypress/tests/07-manage-control/02-rate-limiting.cy.ts +++ b/e2e/cypress/tests/07-manage-control/02-rate-limiting.cy.ts @@ -12,7 +12,7 @@ describe('Manage Control-Rate Limiting Spec for Service as Scope and Local Polic before(() => { cy.visit('/') cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { @@ -272,7 +272,5 @@ describe('Manage Control-Apply Rate limiting to Global and Consumer at Route lev after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) \ No newline at end of file diff --git a/e2e/cypress/tests/07-manage-control/03-kong-api-only-apply-rate-limiting.cy.ts b/e2e/cypress/tests/07-manage-control/03-kong-api-only-apply-rate-limiting.cy.ts index ad0d5c8f8..08767f570 100644 --- a/e2e/cypress/tests/07-manage-control/03-kong-api-only-apply-rate-limiting.cy.ts +++ b/e2e/cypress/tests/07-manage-control/03-kong-api-only-apply-rate-limiting.cy.ts @@ -20,8 +20,7 @@ describe('Apply Kong API key only plugin', () => { before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { @@ -58,6 +57,7 @@ describe('Apply Kong API key only plugin', () => { it('Create a new consumer and save the consumer Id', () => { cy.makeKongGatewayRequest('consumers', 'createConsumer', 'POST').then((response) => { + debugger expect(response.status).to.be.equal(201) consumerID = response.body.id cy.saveState("consumersid", consumerID) 
@@ -106,6 +106,9 @@ describe('Apply Kong API key only plugin', () => { expect(response.status).to.be.equal(201) }) }) + after(() => { + cy.logout() + }) }) describe('Check the API key for free access', () => { @@ -138,8 +141,6 @@ describe('Check the API key for Elevated access', () => { before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() }) beforeEach(() => { @@ -176,8 +177,6 @@ describe('Check the API key for Elevated access', () => { after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) @@ -188,8 +187,6 @@ describe('Approve Pending Request Spec', () => { before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() }) beforeEach(() => { @@ -247,8 +244,6 @@ describe('Approve Pending Request Spec', () => { after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) diff --git a/e2e/cypress/tests/08-client-role/03-read-client-role.ts b/e2e/cypress/tests/08-client-role/03-read-client-role.ts index b221da16f..cad5ca94d 100644 --- a/e2e/cypress/tests/08-client-role/03-read-client-role.ts +++ b/e2e/cypress/tests/08-client-role/03-read-client-role.ts @@ -14,7 +14,7 @@ describe('Developer creates an access request for Client ID/Secret authenticator before(() => { cy.visit('/') cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { @@ -56,8 +56,6 @@ describe('Developer creates an access request for Client ID/Secret authenticator after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) @@ -68,8 +66,6 @@ describe('Access manager apply "Read" role and approves developer access request before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() }) beforeEach(() => { @@ -108,8 +104,6 @@ describe('Access manager apply "Read" role and approves developer access request after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) 
diff --git a/e2e/cypress/tests/08-client-role/04-write-client-role.ts b/e2e/cypress/tests/08-client-role/04-write-client-role.ts index f4250cd3f..411fa8404 100644 --- a/e2e/cypress/tests/08-client-role/04-write-client-role.ts +++ b/e2e/cypress/tests/08-client-role/04-write-client-role.ts @@ -14,7 +14,7 @@ describe('Developer creates an access request for Client ID/Secret authenticator before(() => { cy.visit('/') cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { @@ -55,8 +55,6 @@ describe('Developer creates an access request for Client ID/Secret authenticator after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) @@ -67,8 +65,6 @@ describe('Access manager apply "Write" role and approves developer access reques before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() }) beforeEach(() => { @@ -107,8 +103,6 @@ describe('Access manager apply "Write" role and approves developer access reques after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) diff --git a/e2e/cypress/tests/08-client-role/05-check-without-role.ts b/e2e/cypress/tests/08-client-role/05-check-without-role.ts index 2f2c86b91..a96f1d6a0 100644 --- a/e2e/cypress/tests/08-client-role/05-check-without-role.ts +++ b/e2e/cypress/tests/08-client-role/05-check-without-role.ts @@ -22,7 +22,7 @@ describe('Reset Authorization profile to default (without any role)', () => { before(() => { cy.visit('/') cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { @@ -71,8 +71,6 @@ describe('Reset Authorization profile to default (without any role)', () => { after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) @@ -82,8 +80,6 @@ describe('Check service access without applying any roles', () => { before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() }) beforeEach(() => { 
@@ -132,7 +128,5 @@ describe('Check service access without applying any roles', () => { after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) \ No newline at end of file diff --git a/e2e/cypress/tests/09-update-product-env/01-client-credential-to-kong-acl-api.cy.ts b/e2e/cypress/tests/09-update-product-env/01-client-credential-to-kong-acl-api.cy.ts index 7b5a35813..e9b7d910b 100644 --- a/e2e/cypress/tests/09-update-product-env/01-client-credential-to-kong-acl-api.cy.ts +++ b/e2e/cypress/tests/09-update-product-env/01-client-credential-to-kong-acl-api.cy.ts @@ -22,7 +22,7 @@ describe('Change Authorization profile', () => { before(() => { cy.visit('/') cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { @@ -109,8 +109,6 @@ describe('Change Authorization profile', () => { after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) @@ -123,8 +121,6 @@ describe('Request service Access Spec', () => { before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() }) beforeEach(() => { @@ -162,8 +158,6 @@ describe('Request service Access Spec', () => { after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) @@ -174,8 +168,6 @@ describe('Access manager approves developer access request for Kong API ACL auth before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() }) beforeEach(() => { @@ -220,7 +212,5 @@ describe('Access manager approves developer access request for Kong API ACL auth after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) diff --git a/e2e/cypress/tests/09-update-product-env/02-kong-acl-api-to-client-credential.cy.ts b/e2e/cypress/tests/09-update-product-env/02-kong-acl-api-to-client-credential.cy.ts index 089bcf725..14f622a41 100644 --- a/e2e/cypress/tests/09-update-product-env/02-kong-acl-api-to-client-credential.cy.ts 
+++ b/e2e/cypress/tests/09-update-product-env/02-kong-acl-api-to-client-credential.cy.ts @@ -25,7 +25,7 @@ describe('Change Authorization profile from Kong ACL-API to Client Credential', before(() => { cy.visit('/') cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { @@ -112,8 +112,6 @@ describe('Change Authorization profile from Kong ACL-API to Client Credential', after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) @@ -126,8 +124,6 @@ describe('Developer creates an access request for Client ID/Secret authenticator before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() }) beforeEach(() => { @@ -168,8 +164,6 @@ describe('Developer creates an access request for Client ID/Secret authenticator after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) @@ -180,8 +174,6 @@ describe('Access manager approves developer access request for Client ID/Secret before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() }) beforeEach(() => { @@ -214,8 +206,6 @@ describe('Access manager approves developer access request for Client ID/Secret after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) diff --git a/e2e/cypress/tests/09-update-product-env/03-apply-multiple-services.cy.ts b/e2e/cypress/tests/09-update-product-env/03-apply-multiple-services.cy.ts index 3cc4580bf..50de65e81 100644 --- a/e2e/cypress/tests/09-update-product-env/03-apply-multiple-services.cy.ts +++ b/e2e/cypress/tests/09-update-product-env/03-apply-multiple-services.cy.ts @@ -27,7 +27,7 @@ describe('Apply multiple services to the product environment', () => { before(() => { cy.visit('/') cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { @@ -90,8 +90,6 @@ describe('Apply multiple services to the product environment', () => { after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) 
@@ -153,8 +151,6 @@ describe('Developer creates an access request for Client ID/Secret authenticator before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() }) beforeEach(() => { @@ -195,8 +191,6 @@ describe('Developer creates an access request for Client ID/Secret authenticator after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) @@ -207,8 +201,6 @@ describe('Access manager approves developer access request for Client ID/Secret before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() }) beforeEach(() => { @@ -241,8 +233,6 @@ describe('Access manager approves developer access request for Client ID/Secret after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) diff --git a/e2e/cypress/tests/09-update-product-env/06-shared-idp.cy.ts b/e2e/cypress/tests/09-update-product-env/06-shared-idp.cy.ts index 9e5c3d28e..6603ceab1 100644 --- a/e2e/cypress/tests/09-update-product-env/06-shared-idp.cy.ts +++ b/e2e/cypress/tests/09-update-product-env/06-shared-idp.cy.ts @@ -19,7 +19,7 @@ describe('Apply Shared IDP while creating Authorization Profile', () => { before(() => { cy.visit('/') cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { @@ -74,8 +74,6 @@ describe('Apply Shared IDP while creating Authorization Profile', () => { after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) @@ -89,8 +87,6 @@ describe('Update IDP issuer for shared IDP profile', () => { before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() }) beforeEach(() => { diff --git a/e2e/cypress/tests/09-update-product-env/07-kong-public-auth.ts b/e2e/cypress/tests/09-update-product-env/07-kong-public-auth.ts index 1f448d46d..4db1d8d33 100644 --- a/e2e/cypress/tests/09-update-product-env/07-kong-public-auth.ts +++ b/e2e/cypress/tests/09-update-product-env/07-kong-public-auth.ts 
@@ -60,7 +60,7 @@ describe('Verify for Kong Public Auth', () => { }) }) - it('Update the authorization scope from Kong ACL-API to Client Credential', () => { + it('Update the authorization scope from Kong ACL-API to Public', () => { cy.visit(pd.path) cy.get('@apiowner').then(({ clientCredentials }: any) => { let product = clientCredentials.clientIdSecret_publicProfile.product diff --git a/e2e/cypress/tests/09-update-product-env/08-protected-externally.ts b/e2e/cypress/tests/09-update-product-env/08-protected-externally.ts new file mode 100644 index 000000000..ff84052df --- /dev/null +++ b/e2e/cypress/tests/09-update-product-env/08-protected-externally.ts 
@@ -0,0 +1,95 @@
+import ApiDirectoryPage from '../../pageObjects/apiDirectory'
+import HomePage from '../../pageObjects/home'
+import LoginPage from '../../pageObjects/login'
+import Products from '../../pageObjects/products'
+
+describe('Verify Protected Externally Auth', () => {
+ const login = new LoginPage()
+ const apiDir = new ApiDirectoryPage()
+ var nameSpace: string
+ let userSession: string
+ const home = new HomePage()
+ const pd = new Products()
+
+ before(() => {
+ cy.visit('/')
+ cy.deleteAllCookies()
+ cy.reload()
+ })
+
+ beforeEach(() => {
+ cy.preserveCookies()
+ cy.fixture('apiowner').as('apiowner')
+ cy.fixture('state/regen').as('regen')
+ cy.fixture('common-testdata').as('common-testdata')
+ cy.visit(login.path)
+ })
+
+ it('Authenticates api owner', () => {
+ cy.get('@apiowner').then(({ user }: any) => {
+ cy.login(user.credentials.username, user.credentials.password)
+ })
+ })
+ it('Activates the namespace', () => {
+ cy.getUserSession().then(() => {
+ cy.get('@common-testdata').then(({ clientCredentials }: any) => {
+ nameSpace = clientCredentials.namespace
+ home.useNamespace(clientCredentials.namespace)
+ cy.get('@login').then(function (xhr: any) {
+ userSession = xhr.response.headers['x-auth-request-access-token']
+ })
+ })
+ })
+ })
+
+ it('Creates a new product in the directory', () => {
+ cy.visit(pd.path)
+ cy.get('@apiowner').then(({ protectedExternally }: any) => {
+ pd.createNewProduct(
+ protectedExternally.protectedExternally_initial.product.name,
+ protectedExternally.protectedExternally_initial.product.environment.name
+ )
+ })
+ })
+
+ it('Assign a dataset to the product', () => {
+ cy.visit(pd.path)
+ cy.get('@apiowner').then(({ protectedExternally }: any) => {
+ let product = protectedExternally.protectedExternally_initial.product
+ pd.updateDatasetNameToCatelogue(product.name, product.environment.name)
+ })
+ })
+
+ it('Update the authorization scope from Public to Protected Externally', () => {
+ cy.visit(pd.path)
+ cy.get('@apiowner').then(({ protectedExternally }: any) => {
+ let product = protectedExternally.protectedExternally_external.product
+ pd.editProductEnvironment(product.name, product.environment.name)
+ pd.editProductEnvironmentConfig(product.environment.config)
+ })
+ })
+
+ it('Verify that product is w/o a request button in API Directory', () => {
+ cy.visit(apiDir.path)
+ cy.get('@apiowner').then(({ protectedExternally }: any) => {
+ let product = protectedExternally.protectedExternally_external.product
+ apiDir.selectProduct(product.name)
+ cy.get(apiDir.rqstAccessBtn).should('not.exist')
+ apiDir.checkProductIcon(product.name, 'FaLock')
+ })
+ })
+
+ it('Delete the Product', () => {
+ cy.visit(pd.path)
+ cy.get('@apiowner').then(({ protectedExternally }: any) => {
+ pd.deleteProduct(protectedExternally.protectedExternally_external.product.name)
+ })
+ })
+
+ after(() => {
+ cy.logout()
+ cy.clearLocalStorage({ log: true })
+ cy.deleteAllCookies()
+ })
+
+})
diff --git a/e2e/cypress/tests/10-clear-resources/01-create-api.cy.ts b/e2e/cypress/tests/10-clear-resources/01-create-api.cy.ts
index 715ea8324..592ec430b 100644
--- a/e2e/cypress/tests/10-clear-resources/01-create-api.cy.ts
+++ b/e2e/cypress/tests/10-clear-resources/01-create-api.cy.ts
@@ -14,7 +14,7 @@ describe('Create API Spec for Delete Resources', () => {
 before(() => {
 cy.visit('/')
 cy.deleteAllCookies()
- cy.reload()
+ cy.reload(true)
 // cy.resetState()
 })
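Review bot: In the new 08-protected-externally.ts, the 'Activates the namespace' test copies the `x-auth-request-access-token` response header into `userSession`, but nothing in the file reads it afterwards. An access token held in a variable that no test uses is dead code, so I would drop `let userSession: string` and the `cy.get('@login').then(...)` block, together with `var nameSpace`, which is likewise only written. The `before` and `after` hooks here still call `cy.deleteAllCookies()`, `cy.reload()` and `cy.clearLocalStorage({ log: true })`, which the rest of this commit removes or changes to `cy.reload(true)`; one convention should apply so this spec resets state the same way as its neighbours. The fixture destructuring is typed `any`; a small interface for `protectedExternally` would catch a misspelt fixture key at compile time.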
@@ -42,7 +42,7 @@ describe('Create API Spec for Delete Resources', () => {
 it('create namespace using gwa cli command', () => {
 var cleanedUrl = Cypress.env('BASE_URL').replace(/^http?:\/\//i, "");
- cy.exec('gwa namespace create --host ' + cleanedUrl + ' --scheme http', { timeout: 3000, failOnNonZeroExit: false }).then((response) => {
+ cy.exec('gwa namespace create --generate --host ' + cleanedUrl + ' --scheme http', { timeout: 3000, failOnNonZeroExit: false }).then((response) => {
 assert.isNotNaN(response.stdout)
 namespace = response.stdout
 cy.replaceWordInJsonObject('ns.deleteplatform', 'ns.' + namespace, 'service-clear-resources-gwa.yml')
diff --git a/e2e/cypress/tests/10-clear-resources/06-delete-service-acc.ts b/e2e/cypress/tests/10-clear-resources/06-delete-service-acc.ts
index 2a353f424..2a82d2e05 100644
--- a/e2e/cypress/tests/10-clear-resources/06-delete-service-acc.ts
+++ b/e2e/cypress/tests/10-clear-resources/06-delete-service-acc.ts
@@ -52,7 +52,7 @@ describe('Create API Spec', () => {
 cy.getAccessToken(cc.clientId, cc.clientSecret).then(() => {
 cy.get('@accessTokenResponse').then((token_res: any) => {
 expect(token_res.status).to.be.equal(400)
- expect(token_res.body.error).to.contains("unauthorized_client")
+ expect(token_res.body.error).to.contains("invalid_client")
 })
 })
 })
diff --git a/e2e/cypress/tests/11-activity-feed/01-activity-feed.cy.ts b/e2e/cypress/tests/11-activity-feed/01-activity-feed.cy.ts
index 6ae592157..238fdb6b7 100644
--- a/e2e/cypress/tests/11-activity-feed/01-activity-feed.cy.ts
+++ b/e2e/cypress/tests/11-activity-feed/01-activity-feed.cy.ts
@@ -14,7 +14,7 @@ describe('Get the user session token to pass it as authorization token to make t
 before(() => {
 cy.visit('/')
 cy.deleteAllCookies()
- cy.reload()
+ cy.reload(true)
 })
 beforeEach(() => {
@@ -96,8 +96,6 @@ describe('Verify the Activity filter for users', () => {
 before(() => {
 cy.visit('/')
- // cy.deleteAllCookies()
- cy.reload()
 })
 beforeEach(() => {
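Review bot: The assertion after the changed `cy.exec` call in 'create namespace using gwa cli command' cannot fail, because `assert.isNotNaN(response.stdout)` is applied to a string. With `failOnNonZeroExit: false`, a failed `gwa namespace create --generate` still assigns whatever was printed, possibly an empty string, to `namespace`, which is then passed on to `cy.replaceWordInJsonObject`. I would let a non-zero exit fail the test by dropping `failOnNonZeroExit: false`, and check the value with `expect(response.stdout).to.not.be.empty` before using it. On the context line above, `/^http?:\/\//i` makes the `p` optional rather than the `s`, so an `https://` BASE_URL would reach `--host` unstripped; `/^https?:\/\//i` is probably what was meant. The same lines appear in the hunks for 12-access-permission/01-create-api.cy.ts, 13-namespace-preview-mode/01-create-api.cy.ts, 14-org-assignment/01-client-cred-team-access.ts and the new 14-org-assignment/03-verify-org-admin-member-org.ts; the test bodies continue outside each hunk.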
diff --git a/e2e/cypress/tests/11-activity-feed/02-activity-feed-failure.cy.ts b/e2e/cypress/tests/11-activity-feed/02-activity-feed-failure.cy.ts index c6fd120ab..a9ad76d3b 100644 --- a/e2e/cypress/tests/11-activity-feed/02-activity-feed-failure.cy.ts +++ b/e2e/cypress/tests/11-activity-feed/02-activity-feed-failure.cy.ts @@ -20,8 +20,6 @@ describe('Make the access request for invalid profile', () => { before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() }) beforeEach(() => { @@ -56,8 +54,6 @@ describe('Make the access request for invalid profile', () => { // }) after(() => { cy.logout() - cy.clearLocalStorage({log:true}) - cy.deleteAllCookies() }) }) @@ -73,8 +69,6 @@ describe('Create API, Product, and Authorization Profiles; Apply Auth Profiles t before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() }) beforeEach(() => { @@ -123,7 +117,5 @@ describe('Create API, Product, and Authorization Profiles; Apply Auth Profiles t after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) \ No newline at end of file diff --git a/e2e/cypress/tests/12-access-permission/01-create-api.cy.ts b/e2e/cypress/tests/12-access-permission/01-create-api.cy.ts index a5488bb92..5011d6b0b 100644 --- a/e2e/cypress/tests/12-access-permission/01-create-api.cy.ts +++ b/e2e/cypress/tests/12-access-permission/01-create-api.cy.ts @@ -14,7 +14,7 @@ describe('Create API Spec', () => { before(() => { cy.visit('/') cy.deleteAllCookies() - cy.reload() + cy.reload(true) cy.resetState() }) 
@@ -42,7 +42,7 @@ describe('Create API Spec', () => { it('create namespace using gwa cli command', () => { var cleanedUrl = Cypress.env('BASE_URL').replace(/^http?:\/\//i, ""); - cy.exec('gwa namespace create --host ' + cleanedUrl + ' --scheme http', { timeout: 3000, failOnNonZeroExit: false }).then((response) => { + cy.exec('gwa namespace create --generate --host ' + cleanedUrl + ' --scheme http', { timeout: 3000, failOnNonZeroExit: false }).then((response) => { assert.isNotNaN(response.stdout) namespace = response.stdout cy.replaceWordInJsonObject('ns.permission', 'ns.' + namespace, 'service-permission-gwa.yml') diff --git a/e2e/cypress/tests/12-access-permission/04-access-manager.cy.ts b/e2e/cypress/tests/12-access-permission/04-access-manager.cy.ts index 9a22515ea..2ba9413d2 100644 --- a/e2e/cypress/tests/12-access-permission/04-access-manager.cy.ts +++ b/e2e/cypress/tests/12-access-permission/04-access-manager.cy.ts @@ -12,7 +12,7 @@ describe('Grant Access Manager Role', () => { before(() => { cy.visit('/') cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { @@ -42,8 +42,6 @@ describe('Grant Access Manager Role', () => { after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) @@ -58,8 +56,7 @@ describe('Verify that Mark is able to view the pending request', () => { before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { @@ -91,11 +88,7 @@ describe('Verify that Mark is able to view the pending request', () => { after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() cy.resetCredential('Mark') cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) \ No newline at end of file diff --git a/e2e/cypress/tests/12-access-permission/05-namespace-manage.cy.ts b/e2e/cypress/tests/12-access-permission/05-namespace-manage.cy.ts index 79fa205cc..3075dfe44 100644 
--- a/e2e/cypress/tests/12-access-permission/05-namespace-manage.cy.ts +++ b/e2e/cypress/tests/12-access-permission/05-namespace-manage.cy.ts @@ -14,8 +14,7 @@ describe('Grant Namespace Manage Role', () => { before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { @@ -48,8 +47,6 @@ describe('Grant Namespace Manage Role', () => { after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) @@ -64,8 +61,7 @@ describe('Verify that Wendy is able to see all the options for the Namespace', ( before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { @@ -94,11 +90,7 @@ describe('Verify that Wendy is able to see all the options for the Namespace', ( after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() cy.resetCredential('Wendy') cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) diff --git a/e2e/cypress/tests/12-access-permission/06-credential-issuer.cy.ts b/e2e/cypress/tests/12-access-permission/06-credential-issuer.cy.ts index 5903a618a..e50d355f4 100644 --- a/e2e/cypress/tests/12-access-permission/06-credential-issuer.cy.ts +++ b/e2e/cypress/tests/12-access-permission/06-credential-issuer.cy.ts @@ -13,8 +13,7 @@ describe('Grant Credential Issuer Role', () => { before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { @@ -46,8 +45,6 @@ describe('Grant Credential Issuer Role', () => { after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) @@ -62,8 +59,7 @@ describe('Verify that Wendy is able to generate authorization profile', () => { before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { 
diff --git a/e2e/cypress/tests/12-access-permission/07-namespace-view.cy.ts b/e2e/cypress/tests/12-access-permission/07-namespace-view.cy.ts index 05f1621cc..0acd828a1 100644 --- a/e2e/cypress/tests/12-access-permission/07-namespace-view.cy.ts +++ b/e2e/cypress/tests/12-access-permission/07-namespace-view.cy.ts @@ -14,7 +14,7 @@ describe('Grant Namespace View Role to Mark', () => { before(() => { cy.visit('/') cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { @@ -45,8 +45,6 @@ describe('Grant Namespace View Role to Mark', () => { after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) @@ -60,8 +58,7 @@ describe('Verify that Mark is unable to create service account', () => { before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { @@ -107,11 +104,7 @@ describe('Verify that Mark is unable to create service account', () => { after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() cy.resetCredential('Mark') cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) diff --git a/e2e/cypress/tests/12-access-permission/08-gateway-config.cy.ts b/e2e/cypress/tests/12-access-permission/08-gateway-config.cy.ts index ec94ec380..0f5b16d00 100644 --- a/e2e/cypress/tests/12-access-permission/08-gateway-config.cy.ts +++ b/e2e/cypress/tests/12-access-permission/08-gateway-config.cy.ts @@ -17,7 +17,7 @@ describe('Grant Gateway Config Role to Wendy', () => { before(() => { cy.visit('/') cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { @@ -48,8 +48,6 @@ describe('Grant Gateway Config Role to Wendy', () => { after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) 
@@ -64,8 +62,7 @@ describe('Verify that Wendy is able to generate authorization profile', () => { before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { @@ -97,11 +94,7 @@ describe('Verify that Wendy is able to generate authorization profile', () => { after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() cy.resetCredential('Wendy') cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) \ No newline at end of file diff --git a/e2e/cypress/tests/13-namespace-preview-mode/01-create-api.cy.ts b/e2e/cypress/tests/13-namespace-preview-mode/01-create-api.cy.ts index 42e545761..02fea2554 100644 --- a/e2e/cypress/tests/13-namespace-preview-mode/01-create-api.cy.ts +++ b/e2e/cypress/tests/13-namespace-preview-mode/01-create-api.cy.ts @@ -14,7 +14,7 @@ describe('Create API Spec', () => { before(() => { cy.visit('/') cy.deleteAllCookies() - cy.reload() + cy.reload(true) cy.resetState() }) @@ -42,7 +42,7 @@ describe('Create API Spec', () => { it('create namespace using gwa cli command', () => { var cleanedUrl = Cypress.env('BASE_URL').replace(/^http?:\/\//i, ""); - cy.exec('gwa namespace create --host ' + cleanedUrl + ' --scheme http', { timeout: 3000, failOnNonZeroExit: false }).then((response) => { + cy.exec('gwa namespace create --generate --host ' + cleanedUrl + ' --scheme http', { timeout: 3000, failOnNonZeroExit: false }).then((response) => { assert.isNotNaN(response.stdout) namespace = response.stdout cy.updateJsonValue('common-testdata.json', 'namespacePreview.namespace', namespace) diff --git a/e2e/cypress/tests/14-org-assignment/01-client-cred-team-access.ts b/e2e/cypress/tests/14-org-assignment/01-client-cred-team-access.ts index 29fc44462..4e8ed934d 100644 --- a/e2e/cypress/tests/14-org-assignment/01-client-cred-team-access.ts +++ b/e2e/cypress/tests/14-org-assignment/01-client-cred-team-access.ts 
@@ -23,7 +23,7 @@ describe('Add Organization to publish API', () => { before(() => { cy.visit('/') cy.deleteAllCookies() - cy.reload() + cy.reload(true) cy.resetState() }) @@ -50,7 +50,7 @@ describe('Add Organization to publish API', () => { it('create namespace using gwa cli command', () => { var cleanedUrl = Cypress.env('BASE_URL').replace(/^http?:\/\//i, ""); - cy.exec('gwa namespace create --host ' + cleanedUrl + ' --scheme http', { timeout: 3000, failOnNonZeroExit: false }).then((response) => { + cy.exec('gwa namespace create --generate --host ' + cleanedUrl + ' --scheme http', { timeout: 3000, failOnNonZeroExit: false }).then((response) => { assert.isNotNaN(response.stdout) namespace = response.stdout cy.updateJsonValue('common-testdata.json', 'orgAssignment.namespace', namespace) @@ -131,8 +131,6 @@ describe('Add Organization to publish API', () => { after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) @@ -144,9 +142,6 @@ describe('Org Admin approves the request', () => { before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() - cy.resetState() }) beforeEach(() => { @@ -179,8 +174,6 @@ describe('Org Admin approves the request', () => { after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) @@ -193,9 +186,6 @@ describe('Activate the API to make it visible in API Directory', () => { before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() - cy.resetState() }) beforeEach(() => { @@ -241,8 +231,6 @@ describe('Activate the API to make it visible in API Directory', () => { after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) @@ -254,8 +242,6 @@ describe('Request service Access Spec', () => { before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() }) beforeEach(() => { 
@@ -293,8 +279,6 @@ describe('Request service Access Spec', () => { after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) @@ -305,8 +289,6 @@ describe('Access manager approves developer access request for Kong API ACL auth before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() }) beforeEach(() => { @@ -348,7 +330,5 @@ describe('Access manager approves developer access request for Kong API ACL auth after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) diff --git a/e2e/cypress/tests/14-org-assignment/02-multiple-org-admin.ts b/e2e/cypress/tests/14-org-assignment/02-multiple-org-admin.ts index 1abe74e2a..bfbc604a4 100644 --- a/e2e/cypress/tests/14-org-assignment/02-multiple-org-admin.ts +++ b/e2e/cypress/tests/14-org-assignment/02-multiple-org-admin.ts @@ -1,11 +1,3 @@ -import ApiDirectoryPage from '../../pageObjects/apiDirectory' -import HomePage from '../../pageObjects/home' -import LoginPage from '../../pageObjects/login' -import NamespaceAccessPage from '../../pageObjects/namespaceAccess' -import Products from '../../pageObjects/products' -import ServiceAccountsPage from '../../pageObjects/serviceAccounts' -import keycloakGroupPage from '../../pageObjects/keycloakGroup' -import AuthorizationProfile from '../../pageObjects/authProfile' import keycloakUsersPage from '../../pageObjects/keycloakUsers' describe('Give a user org admin access at organization level', () => { @@ -14,7 +6,7 @@ describe('Give a user org admin access at organization level', () => { before(() => { cy.visit(Cypress.env('KEYCLOAK_URL')) cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { 
@@ -53,101 +45,5 @@ describe('Give a user org admin access at organization level', () => { after(() => { cy.keycloakLogout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() - }) - -}) - -describe('Multiple Org Adming for the organization', () => { - const home = new HomePage() - const na = new NamespaceAccessPage() - const pd = new Products() - const sa = new ServiceAccountsPage() - const apiDir = new ApiDirectoryPage() - const login = new LoginPage() - let userSession: any - let namespace: any - - before(() => { - cy.visit('/') - cy.deleteAllCookies() - cy.reload() - cy.resetState() - }) - - beforeEach(() => { - cy.preserveCookies() - cy.fixture('apiowner').as('apiowner') - cy.fixture('common-testdata').as('common-testdata') - cy.visit(login.path) - }) - - - it('authenticates Janis (api owner) to get the user session token', () => { - cy.get('@common-testdata').then(({ apiTest }: any) => { - cy.getUserSessionTokenValue(apiTest.namespace, false).then((value) => { - userSession = value - }) - }) - }) - - it('Set token with gwa config command', () => { - cy.exec('gwa config set --token ' + userSession, { timeout: 3000, failOnNonZeroExit: false }).then((response) => { - expect(response.stdout).to.contain("Config settings saved") - }); - }) - - it('create namespace using gwa cli command', () => { - var cleanedUrl = Cypress.env('BASE_URL').replace(/^http?:\/\//i, ""); - cy.exec('gwa namespace create --host ' + cleanedUrl + ' --scheme http', { timeout: 3000, failOnNonZeroExit: false }).then((response) => { - assert.isNotNaN(response.stdout) - namespace = response.stdout - cy.updateJsonValue('common-testdata.json', 'orgAssignment.namespace', namespace) - // cy.updateJsonValue('apiowner.json', 'clientCredentials.clientIdSecret.product.environment.name.config.serviceName', 'cc-service-for-' + namespace) - cy.executeCliCommand("gwa config set --namespace " + namespace) - }); - }) - - it('activates new namespace', () => { - home.useNamespace(namespace) - }) - - 
- it('creates a new service account', () => { - cy.visit(sa.path) - cy.get('@apiowner').then(({ serviceAccount }: any) => { - sa.createServiceAccount(serviceAccount.scopes) - }) - sa.saveServiceAcctCreds() - }) - - it('creates as new product in the directory', () => { - cy.visit(pd.path) - cy.get('@apiowner').then(({ orgAssignmentMultipleAdmin }: any) => { - pd.createNewProduct(orgAssignmentMultipleAdmin.product.name, orgAssignmentMultipleAdmin.product.environment.name) - }) - }) - - it('Assign organization to the created namespace', () => { - cy.visit(apiDir.path) - cy.get('@apiowner').then(({ product }: any) => { - apiDir.addOrganizationAndOrgUnit(product) - }) - }) - - it('Verify Ord Admins Members details in Organization group access ', () => { - cy.visit(na.path) - cy.wait(2000) - na.clickOnOrganizationGroupAccess() - cy.get('@apiowner').then(({ orgAssignmentMultipleAdmin }: any) => { - na.checkMembersForGroupAccess(orgAssignmentMultipleAdmin.GroupAccess.members) - }) - }) - - after(() => { - cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) -}) +}) \ No newline at end of file diff --git a/e2e/cypress/tests/14-org-assignment/03-verify-org-admin-member-org.ts b/e2e/cypress/tests/14-org-assignment/03-verify-org-admin-member-org.ts new file mode 100644 index 000000000..86fa3c287 --- /dev/null +++ b/e2e/cypress/tests/14-org-assignment/03-verify-org-admin-member-org.ts 
@@ -0,0 +1,95 @@ +import ApiDirectoryPage from '../../pageObjects/apiDirectory' +import HomePage from '../../pageObjects/home' +import LoginPage from '../../pageObjects/login' +import NamespaceAccessPage from '../../pageObjects/namespaceAccess' +import Products from '../../pageObjects/products' +import ServiceAccountsPage from '../../pageObjects/serviceAccounts' + +describe('Multiple Org Adming for the organization', () => { + const home = new HomePage() + const na = new NamespaceAccessPage() + const pd = new Products() + const sa = new ServiceAccountsPage() + const apiDir = new ApiDirectoryPage() + const login = new LoginPage() + let userSession: any + let namespace: any + + before(() => { + cy.visit('/') + cy.resetState() + }) + + beforeEach(() => { + cy.preserveCookies() + cy.fixture('apiowner').as('apiowner') + cy.fixture('common-testdata').as('common-testdata') + cy.visit(login.path) + }) + + + it('authenticates Janis (api owner) to get the user session token', () => { + cy.get('@common-testdata').then(({ apiTest }: any) => { + cy.getUserSessionTokenValue(apiTest.namespace, false).then((value) => { + userSession = value + }) + }) + }) + + it('Set token with gwa config command', () => { + cy.exec('gwa config set --token ' + userSession, { timeout: 3000, failOnNonZeroExit: false }).then((response) => { + expect(response.stdout).to.contain("Config settings saved") + }); + }) + + it('create namespace using gwa cli command', () => { + var cleanedUrl = Cypress.env('BASE_URL').replace(/^http?:\/\//i, ""); + cy.exec('gwa namespace create --generate --host ' + cleanedUrl + ' --scheme http', { timeout: 3000, failOnNonZeroExit: false }).then((response) => { + assert.isNotNaN(response.stdout) + namespace = response.stdout + cy.updateJsonValue('common-testdata.json', 'orgAssignment.namespace', namespace) + // cy.updateJsonValue('apiowner.json', 'clientCredentials.clientIdSecret.product.environment.name.config.serviceName', 'cc-service-for-' + namespace) + 
cy.executeCliCommand("gwa config set --namespace " + namespace) + }); + }) + + it('activates new namespace', () => { + home.useNamespace(namespace) + }) + + + it('creates a new service account', () => { + cy.visit(sa.path) + cy.get('@apiowner').then(({ serviceAccount }: any) => { + sa.createServiceAccount(serviceAccount.scopes) + }) + sa.saveServiceAcctCreds() + }) + + it('creates as new product in the directory', () => { + cy.visit(pd.path) + cy.get('@apiowner').then(({ orgAssignmentMultipleAdmin }: any) => { + pd.createNewProduct(orgAssignmentMultipleAdmin.product.name, orgAssignmentMultipleAdmin.product.environment.name) + }) + }) + + it('Assign organization to the created namespace', () => { + cy.visit(apiDir.path) + cy.get('@apiowner').then(({ product }: any) => { + apiDir.addOrganizationAndOrgUnit(product) + }) + }) + + it('Verify Ord Admins Members details in Organization group access ', () => { + cy.visit(na.path) + cy.wait(2000) + na.clickOnOrganizationGroupAccess() + cy.get('@apiowner').then(({ orgAssignmentMultipleAdmin }: any) => { + na.checkMembersForGroupAccess(orgAssignmentMultipleAdmin.GroupAccess.members) + }) + }) + + after(() => { + cy.logout() + }) +}) diff --git a/e2e/cypress/tests/14-org-assignment/04-multiple-org-admin-org-unit.ts b/e2e/cypress/tests/14-org-assignment/04-multiple-org-admin-org-unit.ts new file mode 100644 index 000000000..b82d6e288 --- /dev/null +++ b/e2e/cypress/tests/14-org-assignment/04-multiple-org-admin-org-unit.ts 
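Review bot: In `Set token with gwa config command` the session token is concatenated into the shell string given to `cy.exec`, so the bearer value is parsed by the shell and written to the Cypress command log, from where it can reach any screenshots, videos or reports the run keeps. Passing it through the environment avoids both: `cy.exec('gwa config set --token "$GWA_TOKEN"', { env: { GWA_TOKEN: userSession }, log: false, timeout: 3000, failOnNonZeroExit: false })` (the variable name `GWA_TOKEN` is only an example). `userSession` is typed `any` and is assigned only by the preceding `it`, so if that step fails this one runs the CLI with the literal text `undefined` as the token. A guard such as `expect(userSession, 'session token').to.exist` before the exec would make that failure explicit.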
@@ -0,0 +1,68 @@
+import keycloakGroupPage from '../../pageObjects/keycloakGroup'
+import keycloakUsersPage from '../../pageObjects/keycloakUsers'
+
+
+describe('Give a user org admin access at organization unit level', () => {
+ const user = new keycloakUsersPage()
+ const groups = new keycloakGroupPage()
+
+ before(() => {
+ cy.visit(Cypress.env('KEYCLOAK_URL'))
+ cy.deleteAllCookies()
+ cy.reload(true)
+ })
+
+ beforeEach(() => {
+ cy.preserveCookies()
+ cy.fixture('developer').as('developer')
+ cy.fixture('apiowner').as('apiowner')
+ cy.fixture('state/regen').as('regen')
+ cy.fixture('admin').as('admin')
+ cy.fixture('common-testdata').as('common-testdata')
+ })
+
+ it('Authenticates Admin owner', () => {
+ cy.get('@admin').then(({ user }: any) => {
+ cy.contains('Administration Console').click({force:true})
+ cy.keycloakLogin(user.credentials.username, user.credentials.password)
+ })
+ })
+
+ it('Navigate to User Groups', () => {
+ groups.navigateToUserGroups()
+ })
+
+ it('Add another org unit', () => {
+ cy.contains('ministry-of-health').click()
+ cy.get('[id="createGroup"]').click()
+ cy.get('[id="name"]').type('health-protection')
+ cy.contains('Save').click()
+ })
+
+ it('Navigate to Users Page', () => {
+ cy.contains('Users').click()
+ })
+
+ it('Search Wendy (Credential Issuer) from the user list', () => {
+ cy.get('@apiowner').then(({ clientCredentials }: any) => {
+ user.editUser(clientCredentials.Wendy.email)
+ })
+ })
+
+ it('Navigate to Groups tab', () => {
+ user.selectTab('Groups')
+ })
+
+ it('Reset any existing assoction', () => {
+ user.resetAssociation()
+ })
+
+ it('Set the user(Wendy) to the Organization Unit', () => {
+ user.setUserToOrganization('health-protection')
+ })
+
+ after(() => {
+ cy.keycloakLogout()
+ })
+
+})
\ No newline at end of file
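Review bot: The `after` hook of this Keycloak admin spec now relies on `cy.keycloakLogout()` alone, whereas the copy removed from 03-multiple-org-admin-org-unit.ts also called `cy.clearLocalStorage({ log: true })` and `cy.deleteAllCookies()`. The spec signs in with the admin fixture credentials and `beforeEach` calls `cy.preserveCookies()` (presumably keeping cookies across tests), so a logout that does not complete could leave an admin session for the specs that run next, and an access-control check there would pass for the wrong reason. If the cleanup was dropped on purpose, a comment in the hook saying what now clears the session state would help, e.g. `// session state is cleared by <mechanism>; logout alone is enough here`; otherwise keep `cy.deleteAllCookies()` after the logout. The same removal is made in the `after` hooks changed in 02-organization.cy.ts, 05-authorizationProfiles.cy.ts, 02-cli-generate-config.ts and 03-delete-application-with-approved-request.cy.ts.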
diff --git a/e2e/cypress/tests/14-org-assignment/03-multiple-org-admin-org-unit.ts b/e2e/cypress/tests/14-org-assignment/05-verify-org-admin-member-org-unit.ts
similarity index 59%
rename from e2e/cypress/tests/14-org-assignment/03-multiple-org-admin-org-unit.ts
rename to e2e/cypress/tests/14-org-assignment/05-verify-org-admin-member-org-unit.ts
index 2fa19e811..0fe81f42a 100644
--- a/e2e/cypress/tests/14-org-assignment/03-multiple-org-admin-org-unit.ts
+++ b/e2e/cypress/tests/14-org-assignment/05-verify-org-admin-member-org-unit.ts
@@ -4,77 +4,6 @@ import LoginPage from '../../pageObjects/login' import NamespaceAccessPage from '../../pageObjects/namespaceAccess' import Products from '../../pageObjects/products' import ServiceAccountsPage from '../../pageObjects/serviceAccounts' -import keycloakGroupPage from '../../pageObjects/keycloakGroup' -import AuthorizationProfile from '../../pageObjects/authProfile' -import keycloakUsersPage from '../../pageObjects/keycloakUsers' - - -describe('Give a user org admin access at organization unit level', () => { - const user = new keycloakUsersPage() - const groups = new keycloakGroupPage() - - before(() => { - cy.visit(Cypress.env('KEYCLOAK_URL')) - cy.deleteAllCookies() - cy.reload() - }) - - beforeEach(() => { - cy.preserveCookies() - cy.fixture('developer').as('developer') - cy.fixture('apiowner').as('apiowner') - cy.fixture('state/regen').as('regen') - cy.fixture('admin').as('admin') - cy.fixture('common-testdata').as('common-testdata') - }) - - it('Authenticates Admin owner', () => { - cy.get('@admin').then(({ user }: any) => { - cy.contains('Administration Console').click({force:true}) - cy.keycloakLogin(user.credentials.username, user.credentials.password) - }) - }) - - it('Navigate to User Groups', () => { - groups.navigateToUserGroups() - }) - - it('Add another org unit', () => { - cy.contains('ministry-of-health').click() - cy.get('[id="createGroup"]').click() - cy.get('[id="name"]').type('health-protection') - cy.contains('Save').click() - }) - - it('Navigate to Users Page', () => { - cy.contains('Users').click() - }) - - it('Search Wendy (Credential Issuer) from the user list', () => { - cy.get('@apiowner').then(({ clientCredentials }: any) => { - user.editUser(clientCredentials.Wendy.email) - }) - }) - - it('Navigate to Groups tab', () => { - user.selectTab('Groups') - }) - - it('Reset any existing assoction', () => { - user.resetAssociation() - }) - - it('Set the user(Wendy) to the Organization Unit', () => { - 
user.setUserToOrganization('health-protection') - }) - - after(() => { - cy.keycloakLogout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() - }) - -}) describe('Multiple Org Admin for the organization', () => { const home = new HomePage() @@ -88,8 +17,6 @@ describe('Multiple Org Admin for the organization', () => { before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() cy.resetState() }) @@ -116,7 +43,7 @@ describe('Multiple Org Admin for the organization', () => { it('create namespace using gwa cli command', () => { var cleanedUrl = Cypress.env('BASE_URL').replace(/^http?:\/\//i, ""); - cy.exec('gwa namespace create --host ' + cleanedUrl + ' --scheme http', { timeout: 3000, failOnNonZeroExit: false }).then((response) => { + cy.exec('gwa namespace create --generate --host ' + cleanedUrl + ' --scheme http', { timeout: 3000, failOnNonZeroExit: false }).then((response) => { assert.isNotNaN(response.stdout) namespace = response.stdout cy.updateJsonValue('common-testdata.json', 'orgAssignment.namespace', namespace) diff --git a/e2e/cypress/tests/15-aps-api/01-create-api.cy.ts b/e2e/cypress/tests/15-aps-api/01-create-api.cy.ts index e85a6fff4..1d9b664e4 100644 --- a/e2e/cypress/tests/15-aps-api/01-create-api.cy.ts +++ b/e2e/cypress/tests/15-aps-api/01-create-api.cy.ts @@ -14,7 +14,7 @@ describe('Create API Spec', () => { before(() => { cy.visit('/') cy.deleteAllCookies() - cy.reload() + cy.reload(true) cy.resetState() }) 
@@ -42,7 +42,7 @@ describe('Create API Spec', () => { it('create namespace using gwa cli command', () => { var cleanedUrl = Cypress.env('BASE_URL').replace(/^http?:\/\//i, ""); - cy.exec('gwa namespace create --host ' + cleanedUrl + ' --scheme http', { timeout: 3000, failOnNonZeroExit: false }).then((response) => { + cy.exec('gwa namespace create --generate --host ' + cleanedUrl + ' --scheme http', { timeout: 3000, failOnNonZeroExit: false }).then((response) => { assert.isNotNaN(response.stdout) namespace = response.stdout cy.updateJsonValue('common-testdata.json', 'apiTest.namespace', namespace) @@ -69,6 +69,5 @@ describe('Create API Spec', () => { after(() => { cy.logout() cy.clearLocalStorage({log:true}) - cy.deleteAllCookies() }) }) diff --git a/e2e/cypress/tests/15-aps-api/02-organization.cy.ts b/e2e/cypress/tests/15-aps-api/02-organization.cy.ts index 105dba5ad..12ab1caf6 100644 --- a/e2e/cypress/tests/15-aps-api/02-organization.cy.ts +++ b/e2e/cypress/tests/15-aps-api/02-organization.cy.ts @@ -3,6 +3,35 @@ import LoginPage from "../../pageObjects/login" let userSession: any var nameSpace: string +describe('Get the user session token', () => { + + const login = new LoginPage() + const home = new HomePage() + + before(() => { + cy.visit('/') + cy.deleteAllCookies() + cy.reload(true) + // cy.getUserSessionTokenValue() + }) + + beforeEach(() => { + cy.preserveCookies() + cy.fixture('apiowner').as('apiowner') + cy.fixture('common-testdata').as('common-testdata') + // cy.visit(login.path) + }) + + it('authenticates Janis (api owner) to get the user session token', () => { + cy.get('@common-testdata').then(({ apiTest }: any) => { + cy.getUserSessionTokenValue(apiTest.namespace).then((value) => { + userSession = value + }) + }) + }) +}) + + describe('API Tests to verify the Organization details in the response', () => { beforeEach(() => { 
@@ -62,33 +91,6 @@ describe('Verify /Organization/{Org} end point', () => { }) }) -describe('Get the user session token', () => { - - const login = new LoginPage() - const home = new HomePage() - - before(() => { - cy.visit('/') - cy.deleteAllCookies() - cy.reload() - // cy.getUserSessionTokenValue() - }) - - beforeEach(() => { - cy.preserveCookies() - cy.fixture('apiowner').as('apiowner') - cy.fixture('common-testdata').as('common-testdata') - cy.visit(login.path) - }) - - it('authenticates Janis (api owner) to get the user session token', () => { - cy.get('@common-testdata').then(({ apiTest }: any) => { - cy.getUserSessionTokenValue(apiTest.namespace).then((value) => { - userSession = value - }) - }) - }) -}) describe('Get the Organization Role', () => { @@ -262,7 +264,5 @@ describe('Add and Get Organization Access', () => { after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) \ No newline at end of file diff --git a/e2e/cypress/tests/15-aps-api/05-authorizationProfiles.cy.ts b/e2e/cypress/tests/15-aps-api/05-authorizationProfiles.cy.ts index 256295862..d60901552 100644 --- a/e2e/cypress/tests/15-aps-api/05-authorizationProfiles.cy.ts +++ b/e2e/cypress/tests/15-aps-api/05-authorizationProfiles.cy.ts @@ -100,11 +100,6 @@ testData.forEach((testCase: any) => { }) }) }) - - after(() => { - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() - }) }) describe('API Tests for Authorization Profiles created with inheritFrom attribute set to a valid shared Issuer', () => { @@ -211,8 +206,6 @@ describe('Published a shared authorization profile', () => { after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) @@ -225,7 +218,6 @@ describe('Deleted shared auth profile', () => { before(() => { cy.visit('/') - cy.deleteAllCookies() cy.reload() }) 
@@ -264,8 +256,6 @@ describe('Deleted shared auth profile', () => { after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) @@ -277,7 +267,6 @@ describe('Verify that client ID of deleted shared auth profile in IDP', () => { before(() => { cy.visit(Cypress.env('KEYCLOAK_URL')) - cy.deleteAllCookies() cy.reload() }) diff --git a/e2e/cypress/tests/15-aps-api/06-products.cy.ts b/e2e/cypress/tests/15-aps-api/06-products.cy.ts index b76fcdbd7..453063c2f 100644 --- a/e2e/cypress/tests/15-aps-api/06-products.cy.ts +++ b/e2e/cypress/tests/15-aps-api/06-products.cy.ts @@ -15,7 +15,7 @@ describe('Get the user session token to check ', () => { before(() => { cy.visit('/') cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { @@ -97,8 +97,7 @@ describe('Verify that created Product is displayed in UI', () => { before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { @@ -109,15 +108,6 @@ describe('Verify that created Product is displayed in UI', () => { cy.visit(login.path) }) - it('authenticates Janis (api owner) to get the user session token', () => { - cy.get('@common-testdata').then(({ apiTest }: any) => { - cy.getUserSessionTokenValue(apiTest.namespace).then((value) => { - home.useNamespace(apiTest.namespace) - userSession = value - }) - }) - }) - it('Verify that the product is visible in Manage Product Page', () => { cy.visit(pd.path) cy.get('@api').then(({ products }: any) => { diff --git a/e2e/cypress/tests/16-gwa-cli/01-cli-commands.ts b/e2e/cypress/tests/16-gwa-cli/01-cli-commands.ts index 28be88935..83a2c4cc3 100644 --- a/e2e/cypress/tests/16-gwa-cli/01-cli-commands.ts +++ b/e2e/cypress/tests/16-gwa-cli/01-cli-commands.ts @@ -18,7 +18,7 @@ describe('Verify CLI commands', () => { before(() => { // cy.visit('/') cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { 
@@ -50,7 +50,7 @@ describe('Verify CLI commands', () => { let clientID = "dummy-client" let clientSecret = cli.credentials.clientSecret cy.executeCliCommand('gwa login --client-id ' + clientID + ' --client-secret ' + clientSecret + ' --host ' + cleanedUrl + ' --scheme http').then((response) => { - assert.equal(response.stderr, "Error: unauthorized_client\nINVALID_CREDENTIALS: Invalid client credentials") + expect(response.stderr).to.contain("Error: invalid_client") }); }) @@ -58,7 +58,7 @@ describe('Verify CLI commands', () => { let clientID = cli.credentials.clientID let clientSecret = "dummy-client-secret" cy.executeCliCommand('gwa login --client-id ' + clientID + ' --client-secret ' + clientSecret + ' --host ' + cleanedUrl + ' --scheme http').then((response) => { - assert.equal(response.stderr, "Error: unauthorized_client\nINVALID_CREDENTIALS: Invalid client credentials") + expect(response.stderr).to.contain("unauthorized_client") }); }) @@ -77,7 +77,7 @@ describe('Verify CLI commands', () => { }) it('Check gwa command to create namespace', () => { - cy.executeCliCommand('gwa namespace create --host ' + cleanedUrl + ' --scheme http').then((response) => { + cy.executeCliCommand('gwa namespace create --generate --host ' + cleanedUrl + ' --scheme http').then((response) => { assert.isNotNaN(response.stdout) namespace = response.stdout }); diff --git a/e2e/cypress/tests/16-gwa-cli/02-cli-generate-config.ts b/e2e/cypress/tests/16-gwa-cli/02-cli-generate-config.ts index 282a3e65f..e4214a9ef 100644 --- a/e2e/cypress/tests/16-gwa-cli/02-cli-generate-config.ts +++ b/e2e/cypress/tests/16-gwa-cli/02-cli-generate-config.ts @@ -21,8 +21,7 @@ describe('Verify CLI commands for generate/apply config', () => { before(() => { // cy.visit('/') - cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { 
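Review bot: The two invalid-credential cases in 01-cli-commands.ts now pass on a substring of stderr alone, so they would still succeed if the CLI printed the error but exited 0. If `cy.executeCliCommand` yields the exit status the way `cy.exec` does (its definition is not visible here), adding `expect(response.code).to.not.equal(0)` to both would confirm that the login was actually refused. The cases also expect different error codes, `Error: invalid_client` for an unknown client id and `unauthorized_client` for a wrong secret. A one-line comment on each, such as `// the IdP reports an unknown client id as invalid_client`, would stop a later reader from aligning them by mistake. Both test bodies begin outside their hunks.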
@@ -47,7 +46,7 @@ describe('Verify CLI commands for generate/apply config', () => { it('Check gwa command to generate config for client credential template', () => { cy.executeCliCommand('gwa generate-config --template client-credentials-shared-idp --service my-service --upstream https://httpbin.org --org ministry-of-health --org-unit planning-and-innovation-division').then((response) => { - assert.equal(response.stdout, "File gw-config.yml created") + expect(response.stdout).to.contain("File gw-config.yml created") }); }) @@ -87,8 +86,6 @@ describe('Verify CLI commands for generate/apply config', () => { after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) \ No newline at end of file diff --git a/e2e/cypress/tests/17-delete-application/01-delete-application-without-access.cy.ts b/e2e/cypress/tests/17-delete-application/01-delete-application-without-access.cy.ts index b38cd330c..4075417f2 100644 --- a/e2e/cypress/tests/17-delete-application/01-delete-application-without-access.cy.ts +++ b/e2e/cypress/tests/17-delete-application/01-delete-application-without-access.cy.ts @@ -12,7 +12,7 @@ describe('Delete application which has no access request spec', () => { before(() => { cy.visit('/') cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { diff --git a/e2e/cypress/tests/17-delete-application/03-delete-application-with-approved-request.cy.ts b/e2e/cypress/tests/17-delete-application/03-delete-application-with-approved-request.cy.ts index e94e77f2e..008364333 100644 --- a/e2e/cypress/tests/17-delete-application/03-delete-application-with-approved-request.cy.ts +++ b/e2e/cypress/tests/17-delete-application/03-delete-application-with-approved-request.cy.ts @@ -15,7 +15,7 @@ describe('Delete application which has approved request spec', () => { before(() => { cy.visit('/') cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { 
@@ -48,8 +48,6 @@ describe('Delete application which has approved request spec', () => { after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) @@ -60,8 +58,6 @@ describe('Approve Pending Request Spec', () => { before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() // cy.getServiceOrRouteID('services') // cy.getServiceOrRouteID('routes') }) @@ -96,8 +92,6 @@ describe('Approve Pending Request Spec', () => { after(() => { cy.logout() - cy.clearLocalStorage({ log: true }) - cy.deleteAllCookies() }) }) @@ -110,8 +104,6 @@ describe('Delete application which has approved request spec', () => { before(() => { cy.visit('/') - cy.deleteAllCookies() - cy.reload() }) beforeEach(() => { diff --git a/e2e/cypress/tests/17-delete-application/04-delete-namespace-gwa.ts b/e2e/cypress/tests/17-delete-application/04-delete-namespace-gwa.ts index ac18faa89..87768c2f6 100644 --- a/e2e/cypress/tests/17-delete-application/04-delete-namespace-gwa.ts +++ b/e2e/cypress/tests/17-delete-application/04-delete-namespace-gwa.ts @@ -8,7 +8,7 @@ describe('Verify namespace delete using gwa command', () => { before(() => { // cy.visit('/') cy.deleteAllCookies() - cy.reload() + cy.reload(true) }) beforeEach(() => { @@ -33,7 +33,8 @@ describe('Verify namespace delete using gwa command', () => { }) it('Create namespace using gwa cli command', () => { - cy.executeCliCommand('gwa namespace create').then((response) => { + var cleanedUrl = Cypress.env('BASE_URL').replace(/^http?:\/\//i, ""); + cy.exec('gwa namespace create --generate --host ' + cleanedUrl + ' --scheme http', { timeout: 3000, failOnNonZeroExit: false }).then((response) => { assert.isNotNaN(response.stdout) _namespace = response.stdout }); diff --git a/e2e/entrypoint.sh b/e2e/entrypoint.sh index 1968c00d3..fec3725b3 100755 --- a/e2e/entrypoint.sh +++ b/e2e/entrypoint.sh 
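Review bot: In `Create namespace using gwa cli command` (04-delete-namespace-gwa.ts) the output of `gwa namespace create` is accepted without a real check, because `assert.isNotNaN(response.stdout)` passes for any string and `failOnNonZeroExit: false` lets a failed command through. `_namespace` can therefore end up empty or holding error text that later steps treat as a namespace name. Checking the exit status and the shape of the output would close that gap, e.g. `expect(response.code).to.equal(0)` followed by `expect(response.stdout.trim()).to.match(/^[a-z0-9-]+$/)` (the pattern is illustrative and should match the namespace format the CLI produces). Separately, in `/^http?:\/\//i` the `?` makes the `p` optional, so an `https://` BASE_URL is not stripped; `/^https?:\/\//i` is probably what was meant. The same `cy.exec` pattern appears in the `--generate` hunks of 05-verify-org-admin-member-org-unit.ts and 01-create-api.cy.ts and in the new 03-verify-org-admin-member-org.ts, where the unchecked value is then concatenated into `gwa config set --namespace`.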
@@ -3,7 +3,7 @@ cd /tmp while true; do - keycloakstatus=$(curl -o /dev/null -Isw '%{http_code}\n' http://keycloak.localtest.me:9080/auth/realms/master) + keycloakstatus=$(curl -o /dev/null -Isw '%{http_code}\n' http://keycloak.localtest.me:9081/auth/realms/master) echo "$keycloakstatus" if [[ "$keycloakstatus" == "200" ]]; then echo "Keycloak is up" @@ -18,7 +18,7 @@ while true; do break else echo "Waiting for Keycloak....." - sleep 2m + sleep 10s fi done diff --git a/e2e/package-lock.json b/e2e/package-lock.json index 5df9ae714..b5e216adf 100644 --- a/e2e/package-lock.json +++ b/e2e/package-lock.json @@ -40,7 +40,7 @@ "@types/request": "^2.48.7", "@typescript-eslint/eslint-plugin": "^4.28.1", "@typescript-eslint/parser": "^4.28.1", - "cypress": "^12.4.0", + "cypress": "^13.6.3", "cypress-iframe": "^1.0.1", "cypress-mochawesome-reporter": "^3.2.3", "cypress-slow-down": "^1.2.1", @@ -1957,9 +1957,9 @@ "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==" }, "node_modules/@cypress/request": { - "version": "2.88.10", - "resolved": "https://registry.npmjs.org/@cypress/request/-/request-2.88.10.tgz", - "integrity": "sha512-Zp7F+R93N0yZyG34GutyTNr+okam7s/Fzc1+i3kcqOP8vk6OuajuE9qZJ6Rs+10/1JFtXFYMdyarnU1rZuJesg==", + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@cypress/request/-/request-3.0.1.tgz", + "integrity": "sha512-TWivJlJi8ZDx2wGOw1dbLuHJKUYX7bWySw377nlnGOW3hP9/MUKIsEdXT/YngWxVdgNCHRBmFlBipE+5/2ZZlQ==", "dev": true, "dependencies": { "aws-sign2": "~0.7.0", @@ -1975,9 +1975,9 @@ "json-stringify-safe": "~5.0.1", "mime-types": "~2.1.19", "performance-now": "^2.1.0", - "qs": "~6.5.2", + "qs": "6.10.4", "safe-buffer": "^5.1.2", - "tough-cookie": "~2.5.0", + "tough-cookie": "^4.1.3", "tunnel-agent": "^0.6.0", "uuid": "^8.3.2" }, 
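Review bot: As far as the two entrypoint.sh hunks show, the Keycloak readiness loop has no upper bound and the `curl` probe has no timeout, so with the wait cut from `sleep 2m` to `sleep 10s` a Keycloak that never answers on port 9081 keeps the container polling until the CI job itself is killed. Adding `--max-time 5` to the `curl` call and a retry cap before the sleep would turn that into a visible failure, for example `attempts=$((attempts+1)); [ "$attempts" -gt 60 ] && { echo "Keycloak not reachable" >&2; exit 1; }`. The port is also repeated here and in .env.local, so a comment such as `# keep in sync with KEYCLOAK_AUTH_URL in .env.local` next to the URL would help the next port change. The `while` loop starts and ends outside the hunks.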
@@ -1999,6 +1999,45 @@ "node": ">= 0.12" } }, + "node_modules/@cypress/request/node_modules/qs": { + "version": "6.10.4", + "resolved": "https://registry.npmjs.org/qs/-/qs-6.10.4.tgz", + "integrity": "sha512-OQiU+C+Ds5qiH91qh/mg0w+8nwQuLjM4F4M/PbmhDOoYehPh+Fb0bDjtR1sOvy7YKxvj28Y/M0PhP5uVX0kB+g==", + "dev": true, + "dependencies": { + "side-channel": "^1.0.4" + }, + "engines": { + "node": ">=0.6" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/@cypress/request/node_modules/tough-cookie": { + "version": "4.1.3", + "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-4.1.3.tgz", + "integrity": "sha512-aX/y5pVRkfRnfmuX+OdbSdXvPe6ieKX/G2s7e98f4poJHnqH3281gDPm/metm6E/WRamfx7WC4HUqkWHfQHprw==", + "dev": true, + "dependencies": { + "psl": "^1.1.33", + "punycode": "^2.1.1", + "universalify": "^0.2.0", + "url-parse": "^1.5.3" + }, + "engines": { + "node": ">=6" + } + }, + "node_modules/@cypress/request/node_modules/universalify": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/universalify/-/universalify-0.2.0.tgz", + "integrity": "sha512-CJ1QgKmNg3CwvAv/kOFmtnEN05f0D/cn9QntgNOQlQF9dgvVTHj3t+8JPdjqawCHk7V/KA+fbUqzZ9XWhcqPUg==", + "dev": true, + "engines": { + "node": ">= 4.0.0" + } + }, "node_modules/@cypress/webpack-preprocessor": { "version": "5.17.0", "resolved": "https://registry.npmjs.org/@cypress/webpack-preprocessor/-/webpack-preprocessor-5.17.0.tgz", @@ -3832,9 +3871,9 @@ } }, "node_modules/commander": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/commander/-/commander-5.1.0.tgz", - "integrity": "sha512-P0CysNDQ7rtVw4QIQtm+MRxV66vKFSvlsQvGYXZWR3qFU0jlMKHZZZgw8e+8DSah4UDKMqnknRDQz+xuQXQ/Zg==", + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/commander/-/commander-6.2.1.tgz", + "integrity": "sha512-U7VdrJFnJgo4xjrHpTzu0yrHPGImdsmD95ZlgYSEajAn2JKzDhDTPG9kBTefmObL2w/ngeZnilk+OV9CG3d7UA==", "dev": true, "engines": { "node": ">= 6" 
@@ -3943,15 +3982,14 @@ "integrity": "sha512-o2JlM7ydqd3Qk9CA0L4NL6mTzU2sdx96a+oOfPu8Mkl/PK51vSyoi8/rQ8NknZtk44vq15lmhAj9CIAGwgeWKw==" }, "node_modules/cypress": { - "version": "12.4.0", - "resolved": "https://registry.npmjs.org/cypress/-/cypress-12.4.0.tgz", - "integrity": "sha512-//h93K/yGC/7pxv1KamlkADbKHLp5h3f9rZDE2McRjXZDagMETH0sXowOOanvhsH8cFt/JWspIcK+p9cuaoAqg==", + "version": "13.6.3", + "resolved": "https://registry.npmjs.org/cypress/-/cypress-13.6.3.tgz", + "integrity": "sha512-d/pZvgwjAyZsoyJ3FOsJT5lDsqnxQ/clMqnNc++rkHjbkkiF2h9s0JsZSyyH4QXhVFW3zPFg82jD25roFLOdZA==", "dev": true, "hasInstallScript": true, "dependencies": { - "@cypress/request": "^2.88.10", + "@cypress/request": "^3.0.0", "@cypress/xvfb": "^1.2.4", - "@types/node": "^14.14.31", "@types/sinonjs__fake-timers": "8.1.1", "@types/sizzle": "^2.3.2", "arch": "^2.2.0", @@ -3963,10 +4001,10 @@ "check-more-types": "^2.24.0", "cli-cursor": "^3.1.0", "cli-table3": "~0.6.1", - "commander": "^5.1.0", + "commander": "^6.2.1", "common-tags": "^1.8.0", "dayjs": "^1.10.4", - "debug": "^4.3.2", + "debug": "^4.3.4", "enquirer": "^2.3.6", "eventemitter2": "6.4.7", "execa": "4.1.0", @@ -3981,12 +4019,13 @@ "listr2": "^3.8.3", "lodash": "^4.17.21", "log-symbols": "^4.0.0", - "minimist": "^1.2.6", + "minimist": "^1.2.8", "ospath": "^1.2.2", "pretty-bytes": "^5.6.0", + "process": "^0.11.10", "proxy-from-env": "1.0.0", "request-progress": "^3.0.0", - "semver": "^7.3.2", + "semver": "^7.5.3", "supports-color": "^8.1.1", "tmp": "~0.2.1", "untildify": "^4.0.0", @@ -3996,7 +4035,7 @@ "cypress": "bin/cypress" }, "engines": { - "node": "^14.0.0 || ^16.0.0 || >=18.0.0" + "node": "^16.0.0 || ^18.0.0 || >=20.0.0" } }, "node_modules/cypress-iframe": { 
@@ -4136,12 +4175,6 @@ "resolved": "https://registry.npmjs.org/cypress-xpath/-/cypress-xpath-1.6.2.tgz", "integrity": "sha512-mtwJPl840GQPGtb480fKR5vDIcijBHhAVwby5/AIPIT/UVT7UJhM2L42/R+venR7N01I0PoOJErb6UiMbCyUxg==" }, - "node_modules/cypress/node_modules/@types/node": { - "version": "14.18.12", - "resolved": "https://registry.npmjs.org/@types/node/-/node-14.18.12.tgz", - "integrity": "sha512-q4jlIR71hUpWTnGhXWcakgkZeHa3CCjcQcnuzU8M891BAWA2jHiziiWEPEkdS5pFsz7H9HJiy8BrK7tBRNrY7A==", - "dev": true - }, "node_modules/cypress/node_modules/buffer": { "version": "5.7.1", "resolved": "https://registry.npmjs.org/buffer/-/buffer-5.7.1.tgz", @@ -4166,10 +4199,33 @@ "ieee754": "^1.1.13" } }, + "node_modules/cypress/node_modules/debug": { + "version": "4.3.4", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", + "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==", + "dev": true, + "dependencies": { + "ms": "2.1.2" + }, + "engines": { + "node": ">=6.0" + }, + "peerDependenciesMeta": { + "supports-color": { + "optional": true + } + } + }, + "node_modules/cypress/node_modules/ms": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", + "dev": true + }, "node_modules/cypress/node_modules/semver": { - "version": "7.3.7", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.7.tgz", - "integrity": "sha512-QlYTucUYOews+WeEujDoEGziz4K6c47V/Bd+LjSSYcA94p+DmINdf7ncaUinThfvZyu13lN9OY1XDxt8C0Tw0g==", + "version": "7.5.4", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz", + "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==", "dev": true, "dependencies": { "lru-cache": "^6.0.0" 
@@ -7332,10 +7388,13 @@ } }, "node_modules/minimist": { - "version": "1.2.6", - "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.6.tgz", - "integrity": "sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==", - "dev": true + "version": "1.2.8", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz", + "integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==", + "dev": true, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } }, "node_modules/minipass": { "version": "3.3.6", @@ -8765,6 +8824,14 @@ "once": "^1.3.1" } }, + "node_modules/punycode": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz", + "integrity": "sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==", + "engines": { + "node": ">=6" + } + }, "node_modules/qs": { "version": "6.5.3", "resolved": "https://registry.npmjs.org/qs/-/qs-6.5.3.tgz", @@ -8773,6 +8840,12 @@ "node": ">=0.6" } }, + "node_modules/querystringify": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/querystringify/-/querystringify-2.2.0.tgz", + "integrity": "sha512-FIqgj2EUvTa7R50u0rGsyTftzjYmv/a3hO345bZNrqabNqjtgiDMgmo4mkUjd+nzU5oF3dClKqFIPUKybUyqoQ==", + "dev": true + }, "node_modules/queue-microtask": { "version": "1.2.3", "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", 
@@ -9106,6 +9179,12 @@ "resolved": "https://registry.npmjs.org/require-main-filename/-/require-main-filename-2.0.0.tgz", "integrity": "sha512-NKN5kMDylKuldxYLSUfrbo5Tuzh4hd+2E8NPPX02mZtn1VuREQToYe/ZdlJy+J3uCpfaiGF05e7B8W0iXbQHmg==" }, + "node_modules/requires-port": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/requires-port/-/requires-port-1.0.0.tgz", + "integrity": "sha512-KigOCHcocU3XODJxsu8i/j8T9tzT4adHiecwORRQ0ZZFcp7ahwXuRU1m+yuO90C5ZUyGeGfocHDI14M3L3yDAQ==", + "dev": true + }, "node_modules/resolve": { "version": "1.22.0", "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.0.tgz", @@ -10007,14 +10086,6 @@ "node": ">=0.8" } }, - "node_modules/tough-cookie/node_modules/punycode": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz", - "integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==", - "engines": { - "node": ">=6" - } - }, "node_modules/tsconfig-paths": { "version": "3.14.1", "resolved": "https://registry.npmjs.org/tsconfig-paths/-/tsconfig-paths-3.14.1.tgz", @@ -10293,12 +10364,14 @@ "punycode": "^2.1.0" } }, - "node_modules/uri-js/node_modules/punycode": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz", - "integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==", - "engines": { - "node": ">=6" + "node_modules/url-parse": { + "version": "1.5.10", + "resolved": "https://registry.npmjs.org/url-parse/-/url-parse-1.5.10.tgz", + "integrity": "sha512-WypcfiRhfeUP9vvF0j6rw0J3hrWrw6iZv3+22h6iRMJ/8z1Tj6XfLP4DsUix5MhMPnXpiHDoKyoZ/bdCkwBCiQ==", + "dev": true, + "dependencies": { + "querystringify": "^2.1.1", + "requires-port": "^1.0.0" } }, "node_modules/util-deprecate": { 
@@ -12112,9 +12185,9 @@ } }, "@cypress/request": { - "version": "2.88.10", - "resolved": "https://registry.npmjs.org/@cypress/request/-/request-2.88.10.tgz", - "integrity": "sha512-Zp7F+R93N0yZyG34GutyTNr+okam7s/Fzc1+i3kcqOP8vk6OuajuE9qZJ6Rs+10/1JFtXFYMdyarnU1rZuJesg==", + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/@cypress/request/-/request-3.0.1.tgz", + "integrity": "sha512-TWivJlJi8ZDx2wGOw1dbLuHJKUYX7bWySw377nlnGOW3hP9/MUKIsEdXT/YngWxVdgNCHRBmFlBipE+5/2ZZlQ==", "dev": true, "requires": { "aws-sign2": "~0.7.0", @@ -12130,9 +12203,9 @@ "json-stringify-safe": "~5.0.1", "mime-types": "~2.1.19", "performance-now": "^2.1.0", - "qs": "~6.5.2", + "qs": "6.10.4", "safe-buffer": "^5.1.2", - "tough-cookie": "~2.5.0", + "tough-cookie": "^4.1.3", "tunnel-agent": "^0.6.0", "uuid": "^8.3.2" }, @@ -12147,6 +12220,33 @@ "combined-stream": "^1.0.6", "mime-types": "^2.1.12" } + }, + "qs": { + "version": "6.10.4", + "resolved": "https://registry.npmjs.org/qs/-/qs-6.10.4.tgz", + "integrity": "sha512-OQiU+C+Ds5qiH91qh/mg0w+8nwQuLjM4F4M/PbmhDOoYehPh+Fb0bDjtR1sOvy7YKxvj28Y/M0PhP5uVX0kB+g==", + "dev": true, + "requires": { + "side-channel": "^1.0.4" + } + }, + "tough-cookie": { + "version": "4.1.3", + "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-4.1.3.tgz", + "integrity": "sha512-aX/y5pVRkfRnfmuX+OdbSdXvPe6ieKX/G2s7e98f4poJHnqH3281gDPm/metm6E/WRamfx7WC4HUqkWHfQHprw==", + "dev": true, + "requires": { + "psl": "^1.1.33", + "punycode": "^2.1.1", + "universalify": "^0.2.0", + "url-parse": "^1.5.3" + } + }, + "universalify": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/universalify/-/universalify-0.2.0.tgz", + "integrity": "sha512-CJ1QgKmNg3CwvAv/kOFmtnEN05f0D/cn9QntgNOQlQF9dgvVTHj3t+8JPdjqawCHk7V/KA+fbUqzZ9XWhcqPUg==", + "dev": true } } }, 
@@ -13560,9 +13660,9 @@ } }, "commander": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/commander/-/commander-5.1.0.tgz", - "integrity": "sha512-P0CysNDQ7rtVw4QIQtm+MRxV66vKFSvlsQvGYXZWR3qFU0jlMKHZZZgw8e+8DSah4UDKMqnknRDQz+xuQXQ/Zg==", + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/commander/-/commander-6.2.1.tgz", + "integrity": "sha512-U7VdrJFnJgo4xjrHpTzu0yrHPGImdsmD95ZlgYSEajAn2JKzDhDTPG9kBTefmObL2w/ngeZnilk+OV9CG3d7UA==", "dev": true }, "common-tags": { @@ -13651,14 +13751,13 @@ "integrity": "sha512-o2JlM7ydqd3Qk9CA0L4NL6mTzU2sdx96a+oOfPu8Mkl/PK51vSyoi8/rQ8NknZtk44vq15lmhAj9CIAGwgeWKw==" }, "cypress": { - "version": "12.4.0", - "resolved": "https://registry.npmjs.org/cypress/-/cypress-12.4.0.tgz", - "integrity": "sha512-//h93K/yGC/7pxv1KamlkADbKHLp5h3f9rZDE2McRjXZDagMETH0sXowOOanvhsH8cFt/JWspIcK+p9cuaoAqg==", + "version": "13.6.3", + "resolved": "https://registry.npmjs.org/cypress/-/cypress-13.6.3.tgz", + "integrity": "sha512-d/pZvgwjAyZsoyJ3FOsJT5lDsqnxQ/clMqnNc++rkHjbkkiF2h9s0JsZSyyH4QXhVFW3zPFg82jD25roFLOdZA==", "dev": true, "requires": { - "@cypress/request": "^2.88.10", + "@cypress/request": "^3.0.0", "@cypress/xvfb": "^1.2.4", - "@types/node": "^14.14.31", "@types/sinonjs__fake-timers": "8.1.1", "@types/sizzle": "^2.3.2", "arch": "^2.2.0", @@ -13670,10 +13769,10 @@ "check-more-types": "^2.24.0", "cli-cursor": "^3.1.0", "cli-table3": "~0.6.1", - "commander": "^5.1.0", + "commander": "^6.2.1", "common-tags": "^1.8.0", "dayjs": "^1.10.4", - "debug": "^4.3.2", + "debug": "^4.3.4", "enquirer": "^2.3.6", "eventemitter2": "6.4.7", "execa": "4.1.0", 
@@ -13688,24 +13787,19 @@ "listr2": "^3.8.3", "lodash": "^4.17.21", "log-symbols": "^4.0.0", - "minimist": "^1.2.6", + "minimist": "^1.2.8", "ospath": "^1.2.2", "pretty-bytes": "^5.6.0", + "process": "^0.11.10", "proxy-from-env": "1.0.0", "request-progress": "^3.0.0", - "semver": "^7.3.2", + "semver": "^7.5.3", "supports-color": "^8.1.1", "tmp": "~0.2.1", "untildify": "^4.0.0", "yauzl": "^2.10.0" }, "dependencies": { - "@types/node": { - "version": "14.18.12", - "resolved": "https://registry.npmjs.org/@types/node/-/node-14.18.12.tgz", - "integrity": "sha512-q4jlIR71hUpWTnGhXWcakgkZeHa3CCjcQcnuzU8M891BAWA2jHiziiWEPEkdS5pFsz7H9HJiy8BrK7tBRNrY7A==", - "dev": true - }, "buffer": { "version": "5.7.1", "resolved": "https://registry.npmjs.org/buffer/-/buffer-5.7.1.tgz", @@ -13716,10 +13810,25 @@ "ieee754": "^1.1.13" } }, + "debug": { + "version": "4.3.4", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz", + "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==", + "dev": true, + "requires": { + "ms": "2.1.2" + } + }, + "ms": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", + "dev": true + }, "semver": { - "version": "7.3.7", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.7.tgz", - "integrity": "sha512-QlYTucUYOews+WeEujDoEGziz4K6c47V/Bd+LjSSYcA94p+DmINdf7ncaUinThfvZyu13lN9OY1XDxt8C0Tw0g==", + "version": "7.5.4", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.4.tgz", + "integrity": "sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA==", "dev": true, "requires": { "lru-cache": "^6.0.0" 
@@ -16211,9 +16320,9 @@ } }, "minimist": { - "version": "1.2.6", - "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.6.tgz", - "integrity": "sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==", + "version": "1.2.8", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz", + "integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==", "dev": true }, "minipass": { @@ -17272,11 +17381,22 @@ "once": "^1.3.1" } }, + "punycode": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz", + "integrity": "sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==" + }, "qs": { "version": "6.5.3", "resolved": "https://registry.npmjs.org/qs/-/qs-6.5.3.tgz", "integrity": "sha512-qxXIEh4pCGfHICj1mAJQ2/2XVZkjCDTcEgfoSQxc/fYivUZxTkk7L3bDBJSoNrEzXI17oUO5Dp07ktqE5KzczA==" }, + "querystringify": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/querystringify/-/querystringify-2.2.0.tgz", + "integrity": "sha512-FIqgj2EUvTa7R50u0rGsyTftzjYmv/a3hO345bZNrqabNqjtgiDMgmo4mkUjd+nzU5oF3dClKqFIPUKybUyqoQ==", + "dev": true + }, "queue-microtask": { "version": "1.2.3", "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz", @@ -17536,6 +17656,12 @@ "resolved": "https://registry.npmjs.org/require-main-filename/-/require-main-filename-2.0.0.tgz", "integrity": "sha512-NKN5kMDylKuldxYLSUfrbo5Tuzh4hd+2E8NPPX02mZtn1VuREQToYe/ZdlJy+J3uCpfaiGF05e7B8W0iXbQHmg==" }, + "requires-port": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/requires-port/-/requires-port-1.0.0.tgz", + "integrity": "sha512-KigOCHcocU3XODJxsu8i/j8T9tzT4adHiecwORRQ0ZZFcp7ahwXuRU1m+yuO90C5ZUyGeGfocHDI14M3L3yDAQ==", + "dev": true + }, "resolve": { "version": "1.22.0", "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.0.tgz", 
@@ -18205,13 +18331,6 @@ "requires": { "psl": "^1.1.28", "punycode": "^2.1.1" - }, - "dependencies": { - "punycode": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz", - "integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==" - } } }, "tsconfig-paths": { @@ -18414,13 +18533,16 @@ "integrity": "sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==", "requires": { "punycode": "^2.1.0" - }, - "dependencies": { - "punycode": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz", - "integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==" - } + } + }, + "url-parse": { + "version": "1.5.10", + "resolved": "https://registry.npmjs.org/url-parse/-/url-parse-1.5.10.tgz", + "integrity": "sha512-WypcfiRhfeUP9vvF0j6rw0J3hrWrw6iZv3+22h6iRMJ/8z1Tj6XfLP4DsUix5MhMPnXpiHDoKyoZ/bdCkwBCiQ==", + "dev": true, + "requires": { + "querystringify": "^2.1.1", + "requires-port": "^1.0.0" } }, "util-deprecate": { diff --git a/e2e/package.json b/e2e/package.json index 9ed7e4bb4..15c2af007 100644 --- a/e2e/package.json +++ b/e2e/package.json @@ -31,7 +31,7 @@ "@types/request": "^2.48.7", "@typescript-eslint/eslint-plugin": "^4.28.1", "@typescript-eslint/parser": "^4.28.1", - "cypress": "^12.4.0", + "cypress": "^13.6.4", "cypress-iframe": "^1.0.1", "cypress-mochawesome-reporter": "^3.2.3", "cypress-slow-down": "^1.2.1", diff --git a/local/feeder-init/init.sh b/local/feeder-init/init.sh index 45c62582b..31de8f274 100755 --- a/local/feeder-init/init.sh +++ b/local/feeder-init/init.sh 
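Review bot: The new range `"cypress": "^13.6.4"` in e2e/package.json is not satisfied by the lockfile entry the same diff adds, which resolves cypress to `13.6.3` (at least in the `dependencies` section visible here; presumably this is the lockfile for the same package). With manifest and lockfile out of step, `npm ci` refuses to install, and a plain `npm install` resolves a different build from the one whose `integrity` hash was reviewed. Either regenerate the lockfile against `^13.6.4` or set the range to `"cypress": "^13.6.3"` so the pinned hash and the manifest agree.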
@@ -3,7 +3,7 @@ apk add --no-cache curl cd /tmp while true; do - keycloakstatus=$(curl -o /dev/null -Isw '%{http_code}\n' http://keycloak.localtest.me:9080/auth/realms/master) + keycloakstatus=$(curl -o /dev/null -Isw '%{http_code}\n' http://keycloak.localtest.me:9081/auth/realms/master) echo "$keycloakstatus" if [[ "$keycloakstatus" == "200" ]]; then echo "Keycloak is up" @@ -12,8 +12,8 @@ while true; do curl http://feeder.localtest.me:6000/push -F yaml=@developer-user.yaml curl http://feeder.localtest.me:6000/push -F yaml=@mark-user.yaml curl http://feeder.localtest.me:6000/push -F yaml=@platform-authz-profile.yaml - curl http://feeder.localtest.me:6000/push -F yaml=@shared-idp.yaml curl http://feeder.localtest.me:6000/push -F yaml=@platform-gwa-api.yaml + curl http://feeder.localtest.me:6000/push -F yaml=@shared-idp.yaml curl http://feeder.localtest.me:6000/push -F yaml=@organization-unit.yaml # curl http://feeder.localtest.me:6000/push -F yaml=@dataset-gwa.yaml curl http://feeder.localtest.me:6000/push -F yaml=@org-dataset.yaml diff --git a/local/feeder-init/platform-authz-profile.yaml b/local/feeder-init/platform-authz-profile.yaml index 2d48ceda7..613f9475b 100644 --- a/local/feeder-init/platform-authz-profile.yaml +++ b/local/feeder-init/platform-authz-profile.yaml @@ -1,7 +1,7 @@ entity: CredentialIssuer record: id: 'Gateway Services Resource Server' - namespace: newplatform + namespace: platform description: 'Authorization Profile for protecting the Gateway Services API' flow: client-credentials mode: auto @@ -21,7 +21,7 @@ record: owner: janis@testmail.com environmentDetails: - environment: prod - issuerUrl: http://keycloak.localtest.me:9080/auth/realms/master + issuerUrl: http://keycloak.localtest.me:9081/auth/realms/master clientId: gwa-api clientRegistration: managed clientSecret: '18900468-3db1-43f7-a8af-e75f079eb742' diff --git a/local/feeder-init/platform-gwa-api.yaml b/local/feeder-init/platform-gwa-api.yaml index 499979bef..94da52ba7 100644 
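Review bot: The Keycloak address is still a literal in the readiness probe (`http://keycloak.localtest.me:9081/auth/realms/master`), which is why this port move had to be repeated by hand here, in local/gwa-api/entrypoint.sh and in the feeder YAML files. A missed copy would leave one service checking tokens against a different issuer URL from the one that minted them. Reading the base URL once, e.g. `KEYCLOAK_URL="${KEYCLOAK_URL:-http://keycloak.localtest.me:9081}"`, and probing `"$KEYCLOAK_URL/auth/realms/master"` keeps the copies from drifting. In entrypoint.sh the `KC_SERVER_URL` value from local/gwa-api/.env.local looks reusable, assuming it is exported to that script. The `while true` loop continues outside this hunk.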
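Review bot: Moving the `shared-idp.yaml` push below `platform-gwa-api.yaml` suggests the feeder needs these records in a particular order, but nothing in the visible lines says so, and a later reorder can silently undo it. A one-line comment above the pair, such as `# keep order: platform-gwa-api.yaml before shared-idp.yaml (<reason>)`, would record the intent. The pushes also ignore the HTTP status, so a rejected record goes unnoticed; `curl --fail http://feeder.localtest.me:6000/push -F yaml=@shared-idp.yaml` with a check of the exit code would surface it. The loop body extends beyond this hunk.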
--- a/local/feeder-init/platform-gwa-api.yaml +++ b/local/feeder-init/platform-gwa-api.yaml @@ -2,7 +2,7 @@ entity: Product record: appId: 748D98F1F56C name: Gateway Services API - namespace: newplatform + namespace: platform environments: - appId: E0000000 name: prod diff --git a/local/feeder-init/shared-idp-copy.yaml b/local/feeder-init/shared-idp-copy.yaml index a2a43881e..73238b64c 100644 --- a/local/feeder-init/shared-idp-copy.yaml +++ b/local/feeder-init/shared-idp-copy.yaml @@ -9,12 +9,12 @@ record: authPlugin: jwt-keycloak clientRoles: [] availableScopes: [] - clientMappers: [{"name": "audience","defaultValue": "test2"}] + clientMappers: [{ 'name': 'audience', 'defaultValue': 'test2' }] owner: janis@testmail.com isShared: true environmentDetails: - environment: test - issuerUrl: http://keycloak.localtest.me:9080/auth/realms/master + issuerUrl: http://keycloak.localtest.me:9081/auth/realms/master clientId: gwa-api clientRegistration: managed clientSecret: '18900468-3db1-43f7-a8af-e75f079eb742' diff --git a/local/feeder-init/shared-idp.yaml b/local/feeder-init/shared-idp.yaml index db4b928cf..10e77d92d 100644 --- a/local/feeder-init/shared-idp.yaml +++ b/local/feeder-init/shared-idp.yaml @@ -1,7 +1,7 @@ entity: CredentialIssuer record: id: 'Sample Shared IdP' - namespace: newplatform + namespace: platform description: 'A Shared IdP for Teams to use' flow: client-credentials mode: auto @@ -13,7 +13,7 @@ record: isShared: true environmentDetails: - environment: test - issuerUrl: http://keycloak.localtest.me:9080/auth/realms/master + issuerUrl: http://keycloak.localtest.me:9081/auth/realms/master clientId: gwa-api clientRegistration: managed clientSecret: '18900468-3db1-43f7-a8af-e75f079eb742' diff --git a/local/gwa-api/.env.local b/local/gwa-api/.env.local index 5f135b12b..7cf8877d2 100644 --- a/local/gwa-api/.env.local +++ b/local/gwa-api/.env.local 
@@ -1,12 +1,12 @@ PORT=2000 LOG_LEVEL=DEBUG -OIDC_BASE_URL=http://keycloak.localtest.me:9080/auth/realms/master +OIDC_BASE_URL=http://keycloak.localtest.me:9081/auth/realms/master TOKEN_MATCH_AUD=gwa WORKING_FOLDER=/tmp CONFIG_PATH=/tmp/production.json ENVIRONMENT=production KONG_ADMIN_URL=http://kong.localtest.me:8001 -KC_SERVER_URL=http://keycloak.localtest.me:9080/auth/ +KC_SERVER_URL=http://keycloak.localtest.me:9081/auth/ KC_REALM=master KC_USERNAME=local KC_PASSWORD=local diff --git a/local/gwa-api/entrypoint.sh b/local/gwa-api/entrypoint.sh index 50675fdb0..30aa32045 100755 --- a/local/gwa-api/entrypoint.sh +++ b/local/gwa-api/entrypoint.sh @@ -55,7 +55,7 @@ kong-addr: $KONG_ADMIN_URL EOF while true; do - keycloakstatus=$(curl -o /dev/null -Isw '%{http_code}\n' http://keycloak.localtest.me:9080/auth/realms/master) + keycloakstatus=$(curl -o /dev/null -Isw '%{http_code}\n' http://keycloak.localtest.me:9081/auth/realms/master) echo "$keycloakstatus" if [[ "$keycloakstatus" == "200" ]]; then echo "Keycloak is up" diff --git a/local/gwa-cli/gw-config.yml b/local/gwa-cli/gw-config.yml new file mode 100644 index 000000000..c878bd092 --- /dev/null +++ b/local/gwa-cli/gw-config.yml 
@@ -0,0 +1,99 @@
+kind: Namespace
+name: gw-12345
+displayName: gw-12345 Display Name
+---
+kind: GatewayService
+name: my-service-dev
+tags: [ns.gw-12345]
+host: httpbin.org
+port: 443
+protocol: https
+retries: 0
+routes:
+ - name: my-service-dev
+ tags: [ns.gw-12345]
+ hosts:
+ - my-service.dev.api.gov.bc.ca
+ methods:
+ - GET
+ strip_path: false
+ https_redirect_status_code: 426
+ path_handling: v0
+ request_buffering: true
+ response_buffering: true
+plugins:
+ - name: jwt-keycloak
+ tags: [ns.gw-12345]
+ enabled: true
+ config:
+ allowed_iss:
+ - http://keycloak.localtest.me:9081/auth/realms/master
+ allowed_aud: ap-gw-12345-default-test
+ run_on_preflight: true
+ iss_key_grace_period: 10
+ maximum_expiration: 0
+ algorithm: RS256
+ claims_to_verify:
+ - exp
+ uri_param_names:
+ - jwt
+ cookie_names: []
+ scope: null
+ roles: null
+ realm_roles: null
+ client_roles: null
+ anonymous: null
+ consumer_match: true
+ consumer_match_claim: azp
+ consumer_match_claim_custom_id: true
+ consumer_match_ignore_not_found: false
+ - name: request-transformer
+ tags: [ns.gw-12345]
+ enabled: true
+ config:
+ http_method: null
+---
+kind: CredentialIssuer
+name: gw-12345 default
+description: Default Authorization Profile for gw-12345 Gateway
+flow: client-credentials
+mode: auto
+authPlugin: jwt-keycloak
+clientAuthenticator: client-secret
+clientRoles: []
+inheritFrom: Sample Shared IdP
+---
+kind: DraftDataset
+name: my-service-dataset
+title: my-service
+organization: ministry-of-health
+organizationUnit: planning-and-innovation-division
+notes: Some information about the my-service service
+tags: [my-service, openapi]
+license_title: Access Only
+view_audience: Government
+security_class: LOW-PUBLIC
+record_publish_date: '2021-05-27'
+---
+kind: Product
+appId: '242925AE01CF'
+name: my-service API
+dataset: my-service-dataset
+environments:
+ - name: test
+ appId: 'AF13BB19'
+ active: false
+ approval: false
+ flow: client-credentials
+ credentialIssuer: gw-12345
default + services: [my-service-dev] +# --- +# kind: ProductEnvironment +# name: dev +# product: my-service API +# appId: 'A308A21A' +# active: false +# approval: true +# flow: client-credentials +# credentialIssuer: gw-12345 default +# services: [my-service-dev] diff --git a/local/keycloak/master-realm.json b/local/keycloak/master-realm.json index bc8b64447..7c9787de8 100644 --- a/local/keycloak/master-realm.json +++ b/local/keycloak/master-realm.json @@ -1,3138 +1,3944 @@ { - "id" : "master", - "realm" : "master", - "displayName" : "BCGov API Management Portal (DEV)", - "displayNameHtml" : "
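Review bot: The `jwt-keycloak` plugin in this sample accepts the bearer token from a query parameter (`uri_param_names: - jwt`), and tokens carried in URLs tend to end up in access logs, proxy logs and Referer headers. Since the file reads as a template that will be copied for real gateways, I would set `uri_param_names: []` so that only the Authorization header is honoured, provided the plugin accepts an empty list. `maximum_expiration: 0` appears to leave the token lifetime uncapped as well, so a comment such as `# 0 = no upper bound on exp; set a limit outside local testing` would make that choice explicit. The plain-HTTP `allowed_iss` entry is acceptable for localtest.me only and deserves the same kind of comment.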
Local Keycloak
", - "notBefore" : 0, - "revokeRefreshToken" : false, - "refreshTokenMaxReuse" : 0, - "accessTokenLifespan" : 300, - "accessTokenLifespanForImplicitFlow" : 900, - "ssoSessionIdleTimeout" : 1800, - "ssoSessionMaxLifespan" : 36000, - "ssoSessionIdleTimeoutRememberMe" : 0, - "ssoSessionMaxLifespanRememberMe" : 0, - "offlineSessionIdleTimeout" : 2592000, - "offlineSessionMaxLifespanEnabled" : false, - "offlineSessionMaxLifespan" : 5184000, - "clientSessionIdleTimeout" : 0, - "clientSessionMaxLifespan" : 0, - "clientOfflineSessionIdleTimeout" : 0, - "clientOfflineSessionMaxLifespan" : 0, - "accessCodeLifespan" : 60, - "accessCodeLifespanUserAction" : 43200, - "accessCodeLifespanLogin" : 864000000, - "actionTokenGeneratedByAdminLifespan" : 43200, - "actionTokenGeneratedByUserLifespan" : 43200, - "enabled" : true, - "sslRequired" : "external", - "registrationAllowed" : false, - "registrationEmailAsUsername" : false, - "rememberMe" : false, - "verifyEmail" : false, - "loginWithEmailAllowed" : false, - "duplicateEmailsAllowed" : true, - "resetPasswordAllowed" : false, - "editUsernameAllowed" : false, - "bruteForceProtected" : false, - "permanentLockout" : false, - "maxFailureWaitSeconds" : 900, - "minimumQuickLoginWaitSeconds" : 60, - "waitIncrementSeconds" : 60, - "quickLoginCheckMilliSeconds" : 1000, - "maxDeltaTimeSeconds" : 43200, - "failureFactor" : 30, - "roles" : { - "realm" : [ { - "id" : "2905dd1c-feb7-4b4c-a51a-924697adf78a", - "name" : "create-realm", - "description" : "${role_create-realm}", - "composite" : false, - "clientRole" : false, - "containerId" : "master", - "attributes" : { } - }, { - "id" : "006ba659-502a-4f51-aff5-3aa1cbb13d02", - "name" : "uma_authorization", - "description" : "${role_uma_authorization}", - "composite" : false, - "clientRole" : false, - "containerId" : "master", - "attributes" : { } - }, { - "id" : "ba7796d3-c1ba-4fb3-8c33-27226c979eba", - "name" : "aps-admin", - "composite" : false, - "clientRole" : false, - "containerId" : 
"master", - "attributes" : { } - }, { - "id" : "005aef84-ea6d-4edf-90b6-fc7bd64945ad", - "name" : "credential-admin", - "composite" : false, - "clientRole" : false, - "containerId" : "master", - "attributes" : { } - }, { - "id" : "65344728-04bb-4cb8-afe5-3d41cb4457ec", - "name" : "offline_access", - "description" : "${role_offline-access}", - "composite" : false, - "clientRole" : false, - "containerId" : "master", - "attributes" : { } - }, { - "id" : "75fad79d-71f1-46c2-b79b-001d25eae49f", - "name" : "api-manager", - "composite" : false, - "clientRole" : false, - "containerId" : "master", - "attributes" : { } - }, { - "id" : "0d22b102-52e1-4152-b119-2f6846e21b84", - "name" : "api-owner", - "composite" : false, - "clientRole" : false, - "containerId" : "master", - "attributes" : { } - }, { - "id" : "064ef17c-0617-4cbc-b632-77a2fa0919b7", - "name" : "admin", - "description" : "${role_admin}", - "composite" : true, - "composites" : { - "realm" : [ "create-realm" ], - "client" : { - "aps-v2-realm" : [ "query-realms", "create-client", "manage-realm", "manage-authorization", "manage-events", "impersonation", "view-authorization", "manage-identity-providers", "query-users", "manage-clients", "view-identity-providers", "query-groups", "view-events", "view-users", "manage-users", "view-clients", "query-clients", "view-realm" ], - "master-realm" : [ "query-realms", "manage-identity-providers", "manage-authorization", "manage-clients", "impersonation", "query-users", "manage-events", "manage-users", "view-identity-providers", "view-events", "view-users", "create-client", "query-clients", "query-groups", "view-realm", "view-clients", "manage-realm", "view-authorization" ] - } + "id": "master", + "realm": "master", + "displayName": "BCGov API Management Portal (DEV)", + "displayNameHtml": "
Local Keycloak
", + "notBefore": 0, + "defaultSignatureAlgorithm": "RS256", + "revokeRefreshToken": false, + "refreshTokenMaxReuse": 0, + "accessTokenLifespan": 300, + "accessTokenLifespanForImplicitFlow": 900, + "ssoSessionIdleTimeout": 1800, + "ssoSessionMaxLifespan": 36000, + "ssoSessionIdleTimeoutRememberMe": 0, + "ssoSessionMaxLifespanRememberMe": 0, + "offlineSessionIdleTimeout": 2592000, + "offlineSessionMaxLifespanEnabled": false, + "offlineSessionMaxLifespan": 5184000, + "clientSessionIdleTimeout": 0, + "clientSessionMaxLifespan": 0, + "clientOfflineSessionIdleTimeout": 0, + "clientOfflineSessionMaxLifespan": 0, + "accessCodeLifespan": 60, + "accessCodeLifespanUserAction": 43200, + "accessCodeLifespanLogin": 864000000, + "actionTokenGeneratedByAdminLifespan": 43200, + "actionTokenGeneratedByUserLifespan": 43200, + "oauth2DeviceCodeLifespan": 600, + "oauth2DevicePollingInterval": 5, + "enabled": true, + "sslRequired": "external", + "registrationAllowed": false, + "registrationEmailAsUsername": false, + "rememberMe": false, + "verifyEmail": false, + "loginWithEmailAllowed": false, + "duplicateEmailsAllowed": true, + "resetPasswordAllowed": false, + "editUsernameAllowed": false, + "bruteForceProtected": false, + "permanentLockout": false, + "maxFailureWaitSeconds": 900, + "minimumQuickLoginWaitSeconds": 60, + "waitIncrementSeconds": 60, + "quickLoginCheckMilliSeconds": 1000, + "maxDeltaTimeSeconds": 43200, + "failureFactor": 30, + "roles": { + "realm": [ + { + "id": "2905dd1c-feb7-4b4c-a51a-924697adf78a", + "name": "create-realm", + "description": "${role_create-realm}", + "composite": false, + "clientRole": false, + "containerId": "master", + "attributes": {} + }, + { + "id": "006ba659-502a-4f51-aff5-3aa1cbb13d02", + "name": "uma_authorization", + "description": "${role_uma_authorization}", + "composite": false, + "clientRole": false, + "containerId": "master", + "attributes": {} + }, + { + "id": "ba7796d3-c1ba-4fb3-8c33-27226c979eba", + "name": "aps-admin", + "composite": 
false, + "clientRole": false, + "containerId": "master", + "attributes": {} + }, + { + "id": "005aef84-ea6d-4edf-90b6-fc7bd64945ad", + "name": "credential-admin", + "composite": false, + "clientRole": false, + "containerId": "master", + "attributes": {} + }, + { + "id": "65344728-04bb-4cb8-afe5-3d41cb4457ec", + "name": "offline_access", + "description": "${role_offline-access}", + "composite": false, + "clientRole": false, + "containerId": "master", + "attributes": {} + }, + { + "id": "75fad79d-71f1-46c2-b79b-001d25eae49f", + "name": "api-manager", + "composite": false, + "clientRole": false, + "containerId": "master", + "attributes": {} }, - "clientRole" : false, - "containerId" : "master", - "attributes" : { } - } ], - "client" : { - "aps-portal" : [ { - "id" : "b393d043-9ade-4c64-a6e1-5f70c9a416e3", - "name" : "api-owner", - "composite" : false, - "clientRole" : true, - "containerId" : "f333c5e5-fba2-48e8-aab7-7b6862881202", - "attributes" : { } - }, { - "id" : "e0c6f7a0-3a8b-4572-9dac-82dd4b676b30", - "name" : "credential-admin", - "composite" : false, - "clientRole" : true, - "containerId" : "f333c5e5-fba2-48e8-aab7-7b6862881202", - "attributes" : { } - }, { - "id" : "3c0fcf9e-e622-497d-8146-eddd0304f9c8", - "name" : "aps-admin", - "composite" : false, - "clientRole" : true, - "containerId" : "f333c5e5-fba2-48e8-aab7-7b6862881202", - "attributes" : { } - }, { - "id" : "9a357bd3-2c73-40ea-ac09-399a9f7cc9f8", - "name" : "api-manager", - "composite" : false, - "clientRole" : true, - "containerId" : "f333c5e5-fba2-48e8-aab7-7b6862881202", - "attributes" : { } - }, { - "id" : "2c0e0832-4a1e-411b-a8f9-8f86096c3968", - "name" : "developer", - "composite" : false, - "clientRole" : true, - "containerId" : "f333c5e5-fba2-48e8-aab7-7b6862881202", - "attributes" : { } - } ], - "gwa-api" : [ { - "id" : "a50b2fc6-ea49-46d8-9716-683f3a764f5d", - "name" : "developer", - "composite" : false, - "clientRole" : true, - "containerId" : "c002b2b1-0ca8-4fd6-896e-6d2e3395a345", - 
"attributes" : { } - }, { - "id" : "0c1c2230-24d4-4199-af35-bed6a1044c70", - "name" : "api-admin", - "composite" : false, - "clientRole" : true, - "containerId" : "c002b2b1-0ca8-4fd6-896e-6d2e3395a345", - "attributes" : { } - }, { - "id" : "409fcd4e-54ab-4e19-bdc5-ef8059721e22", - "name" : "uma_protection", - "composite" : false, - "clientRole" : true, - "containerId" : "c002b2b1-0ca8-4fd6-896e-6d2e3395a345", - "attributes" : { } - }, { - "id" : "8d387de9-3d53-4a69-9cb4-d5d285926029", - "name" : "api-owner", - "composite" : false, - "clientRole" : true, - "containerId" : "c002b2b1-0ca8-4fd6-896e-6d2e3395a345", - "attributes" : { } - } ], - "aps-v2-realm" : [ { - "id" : "a7ff1dc9-1214-4757-861b-453b204e460f", - "name" : "manage-events", - "description" : "${role_manage-events}", - "composite" : false, - "clientRole" : true, - "containerId" : "62f2227e-e1ac-4c74-b278-1eab7f7664ae", - "attributes" : { } - }, { - "id" : "faf54935-32bc-4e01-b0e6-8b9bb1cae6e8", - "name" : "query-realms", - "description" : "${role_query-realms}", - "composite" : false, - "clientRole" : true, - "containerId" : "62f2227e-e1ac-4c74-b278-1eab7f7664ae", - "attributes" : { } - }, { - "id" : "2272fc44-5c1d-465d-9608-6b4612e26755", - "name" : "impersonation", - "description" : "${role_impersonation}", - "composite" : false, - "clientRole" : true, - "containerId" : "62f2227e-e1ac-4c74-b278-1eab7f7664ae", - "attributes" : { } - }, { - "id" : "fecb856f-8db8-4432-9f11-6b3426372a9c", - "name" : "create-client", - "description" : "${role_create-client}", - "composite" : false, - "clientRole" : true, - "containerId" : "62f2227e-e1ac-4c74-b278-1eab7f7664ae", - "attributes" : { } - }, { - "id" : "dd8c065c-fcd9-4f58-8dad-ec6100cbcbdf", - "name" : "view-authorization", - "description" : "${role_view-authorization}", - "composite" : false, - "clientRole" : true, - "containerId" : "62f2227e-e1ac-4c74-b278-1eab7f7664ae", - "attributes" : { } - }, { - "id" : "ec6f0230-82ae-4713-8d21-fc97214042d9", - "name" : 
"manage-identity-providers", - "description" : "${role_manage-identity-providers}", - "composite" : false, - "clientRole" : true, - "containerId" : "62f2227e-e1ac-4c74-b278-1eab7f7664ae", - "attributes" : { } - }, { - "id" : "f33e3aa2-0b3e-4397-9968-82be07d68f40", - "name" : "manage-realm", - "description" : "${role_manage-realm}", - "composite" : false, - "clientRole" : true, - "containerId" : "62f2227e-e1ac-4c74-b278-1eab7f7664ae", - "attributes" : { } - }, { - "id" : "d08507c5-eb84-4d60-93f6-7c72f01536e7", - "name" : "query-users", - "description" : "${role_query-users}", - "composite" : false, - "clientRole" : true, - "containerId" : "62f2227e-e1ac-4c74-b278-1eab7f7664ae", - "attributes" : { } - }, { - "id" : "46d331cb-9fac-45af-b5ba-25bf003b9281", - "name" : "manage-clients", - "description" : "${role_manage-clients}", - "composite" : false, - "clientRole" : true, - "containerId" : "62f2227e-e1ac-4c74-b278-1eab7f7664ae", - "attributes" : { } - }, { - "id" : "77c0c84d-427b-4d73-a185-6bf3108ff9a2", - "name" : "view-identity-providers", - "description" : "${role_view-identity-providers}", - "composite" : false, - "clientRole" : true, - "containerId" : "62f2227e-e1ac-4c74-b278-1eab7f7664ae", - "attributes" : { } - }, { - "id" : "3a3f1c10-0d53-4a25-8bb8-46121f304af4", - "name" : "query-groups", - "description" : "${role_query-groups}", - "composite" : false, - "clientRole" : true, - "containerId" : "62f2227e-e1ac-4c74-b278-1eab7f7664ae", - "attributes" : { } - }, { - "id" : "12b4667f-1cb1-408d-bb8f-9905edea4fee", - "name" : "view-events", - "description" : "${role_view-events}", - "composite" : false, - "clientRole" : true, - "containerId" : "62f2227e-e1ac-4c74-b278-1eab7f7664ae", - "attributes" : { } - }, { - "id" : "99fcf818-a472-4ed1-8b23-d86a54156cf3", - "name" : "view-users", - "description" : "${role_view-users}", - "composite" : true, - "composites" : { - "client" : { - "aps-v2-realm" : [ "query-groups", "query-users" ] + { + "id": 
"0d22b102-52e1-4152-b119-2f6846e21b84", + "name": "api-owner", + "composite": false, + "clientRole": false, + "containerId": "master", + "attributes": {} + }, + { + "id": "064ef17c-0617-4cbc-b632-77a2fa0919b7", + "name": "admin", + "description": "${role_admin}", + "composite": true, + "composites": { + "realm": ["create-realm"], + "client": { + "aps-v2-realm": [ + "query-realms", + "create-client", + "manage-realm", + "manage-authorization", + "manage-events", + "impersonation", + "view-authorization", + "manage-identity-providers", + "query-users", + "manage-clients", + "view-identity-providers", + "query-groups", + "view-events", + "view-users", + "manage-users", + "view-clients", + "query-clients", + "view-realm" + ], + "master-realm": [ + "query-realms", + "manage-identity-providers", + "manage-authorization", + "manage-clients", + "impersonation", + "query-users", + "manage-events", + "manage-users", + "view-identity-providers", + "view-events", + "view-users", + "create-client", + "query-clients", + "query-groups", + "view-realm", + "view-clients", + "manage-realm", + "view-authorization" + ] } }, - "clientRole" : true, - "containerId" : "62f2227e-e1ac-4c74-b278-1eab7f7664ae", - "attributes" : { } - }, { - "id" : "e2bdd89b-1b4c-448e-b4a5-cc1196918e85", - "name" : "manage-users", - "description" : "${role_manage-users}", - "composite" : false, - "clientRole" : true, - "containerId" : "62f2227e-e1ac-4c74-b278-1eab7f7664ae", - "attributes" : { } - }, { - "id" : "8eecebf6-489f-4924-8afc-d40de58260a5", - "name" : "view-clients", - "description" : "${role_view-clients}", - "composite" : true, - "composites" : { - "client" : { - "aps-v2-realm" : [ "query-clients" ] - } + "clientRole": false, + "containerId": "master", + "attributes": {} + } + ], + "client": { + "aps-portal": [ + { + "id": "b393d043-9ade-4c64-a6e1-5f70c9a416e3", + "name": "api-owner", + "composite": false, + "clientRole": true, + "containerId": "f333c5e5-fba2-48e8-aab7-7b6862881202", + "attributes": 
{} }, - "clientRole" : true, - "containerId" : "62f2227e-e1ac-4c74-b278-1eab7f7664ae", - "attributes" : { } - }, { - "id" : "a93e05d2-ca5c-46e7-bd66-f98f915fdc30", - "name" : "query-clients", - "description" : "${role_query-clients}", - "composite" : false, - "clientRole" : true, - "containerId" : "62f2227e-e1ac-4c74-b278-1eab7f7664ae", - "attributes" : { } - }, { - "id" : "8016bdc5-4da8-4416-b6ef-fee7796cc8c2", - "name" : "manage-authorization", - "description" : "${role_manage-authorization}", - "composite" : false, - "clientRole" : true, - "containerId" : "62f2227e-e1ac-4c74-b278-1eab7f7664ae", - "attributes" : { } - }, { - "id" : "4c0f70bf-59c5-4878-a14a-eb658ea9ad4b", - "name" : "view-realm", - "description" : "${role_view-realm}", - "composite" : false, - "clientRole" : true, - "containerId" : "62f2227e-e1ac-4c74-b278-1eab7f7664ae", - "attributes" : { } - } ], - "sa-platform-e0000000-fa46551361b4" : [ ], - "security-admin-console" : [ ], - "sa-platform1-e0000000-5be82156d61f" : [ ], - "admin-cli" : [ ], - "account-console" : [ ], - "broker" : [ { - "id" : "8a00a2b3-fc3b-4b7d-aee1-1b3e46507b20", - "name" : "read-token", - "description" : "${role_read-token}", - "composite" : false, - "clientRole" : true, - "containerId" : "db7f58dc-c007-4e4c-ad7b-14f57a0521cd", - "attributes" : { } - } ], - "master-realm" : [ { - "id" : "a04656f4-d096-4cff-91f4-9b9f286c768d", - "name" : "query-realms", - "description" : "${role_query-realms}", - "composite" : false, - "clientRole" : true, - "containerId" : "4e6525e9-647c-4c80-85d6-9c13890b0ab2", - "attributes" : { } - }, { - "id" : "cccc1d8a-1a88-4a60-aff7-f7e5ec751f3f", - "name" : "view-identity-providers", - "description" : "${role_view-identity-providers}", - "composite" : false, - "clientRole" : true, - "containerId" : "4e6525e9-647c-4c80-85d6-9c13890b0ab2", - "attributes" : { } - }, { - "id" : "be5bcb8d-7466-402f-b289-6be26f961b0b", - "name" : "manage-identity-providers", - "description" : 
"${role_manage-identity-providers}", - "composite" : false, - "clientRole" : true, - "containerId" : "4e6525e9-647c-4c80-85d6-9c13890b0ab2", - "attributes" : { } - }, { - "id" : "e62d2ea1-fb57-41ae-ad8d-17ee8fb7356b", - "name" : "manage-authorization", - "description" : "${role_manage-authorization}", - "composite" : false, - "clientRole" : true, - "containerId" : "4e6525e9-647c-4c80-85d6-9c13890b0ab2", - "attributes" : { } - }, { - "id" : "f7247d9b-c35d-43dc-a10e-f1ce0cbc80fb", - "name" : "view-events", - "description" : "${role_view-events}", - "composite" : false, - "clientRole" : true, - "containerId" : "4e6525e9-647c-4c80-85d6-9c13890b0ab2", - "attributes" : { } - }, { - "id" : "be5fe2ea-0119-4eb4-a2c8-dae5eb3fd308", - "name" : "manage-clients", - "description" : "${role_manage-clients}", - "composite" : false, - "clientRole" : true, - "containerId" : "4e6525e9-647c-4c80-85d6-9c13890b0ab2", - "attributes" : { } - }, { - "id" : "3b1d6088-a992-4f81-b43b-5f71854ef3a4", - "name" : "view-users", - "description" : "${role_view-users}", - "composite" : true, - "composites" : { - "client" : { - "master-realm" : [ "query-users", "query-groups" ] - } + { + "id": "e0c6f7a0-3a8b-4572-9dac-82dd4b676b30", + "name": "credential-admin", + "composite": false, + "clientRole": true, + "containerId": "f333c5e5-fba2-48e8-aab7-7b6862881202", + "attributes": {} }, - "clientRole" : true, - "containerId" : "4e6525e9-647c-4c80-85d6-9c13890b0ab2", - "attributes" : { } - }, { - "id" : "d7cd3f01-b2e9-42b0-be8c-ef438932096c", - "name" : "impersonation", - "description" : "${role_impersonation}", - "composite" : false, - "clientRole" : true, - "containerId" : "4e6525e9-647c-4c80-85d6-9c13890b0ab2", - "attributes" : { } - }, { - "id" : "42fe78c7-3bb9-430d-a78d-013b95b31d0c", - "name" : "create-client", - "description" : "${role_create-client}", - "composite" : false, - "clientRole" : true, - "containerId" : "4e6525e9-647c-4c80-85d6-9c13890b0ab2", - "attributes" : { } - }, { - "id" : 
"c4c4b2b9-41a6-46c0-852e-5fb8ed755348", - "name" : "query-users", - "description" : "${role_query-users}", - "composite" : false, - "clientRole" : true, - "containerId" : "4e6525e9-647c-4c80-85d6-9c13890b0ab2", - "attributes" : { } - }, { - "id" : "c257a266-eba8-4469-8d9a-f171f489354c", - "name" : "query-clients", - "description" : "${role_query-clients}", - "composite" : false, - "clientRole" : true, - "containerId" : "4e6525e9-647c-4c80-85d6-9c13890b0ab2", - "attributes" : { } - }, { - "id" : "7e584743-ffe9-45e8-8f5b-722e07034141", - "name" : "query-groups", - "description" : "${role_query-groups}", - "composite" : false, - "clientRole" : true, - "containerId" : "4e6525e9-647c-4c80-85d6-9c13890b0ab2", - "attributes" : { } - }, { - "id" : "70aad632-dd34-46e8-813a-398914dd31c9", - "name" : "view-realm", - "description" : "${role_view-realm}", - "composite" : false, - "clientRole" : true, - "containerId" : "4e6525e9-647c-4c80-85d6-9c13890b0ab2", - "attributes" : { } - }, { - "id" : "6855b67a-f23d-40c9-a597-c98261e27ce4", - "name" : "view-clients", - "description" : "${role_view-clients}", - "composite" : true, - "composites" : { - "client" : { - "master-realm" : [ "query-clients" ] - } + { + "id": "3c0fcf9e-e622-497d-8146-eddd0304f9c8", + "name": "aps-admin", + "composite": false, + "clientRole": true, + "containerId": "f333c5e5-fba2-48e8-aab7-7b6862881202", + "attributes": {} }, - "clientRole" : true, - "containerId" : "4e6525e9-647c-4c80-85d6-9c13890b0ab2", - "attributes" : { } - }, { - "id" : "0725918a-6335-4556-aafa-ff6c3fb87989", - "name" : "manage-realm", - "description" : "${role_manage-realm}", - "composite" : false, - "clientRole" : true, - "containerId" : "4e6525e9-647c-4c80-85d6-9c13890b0ab2", - "attributes" : { } - }, { - "id" : "0d2640b7-461c-4c21-8270-064f5423ae74", - "name" : "manage-events", - "description" : "${role_manage-events}", - "composite" : false, - "clientRole" : true, - "containerId" : "4e6525e9-647c-4c80-85d6-9c13890b0ab2", - "attributes" 
: { } - }, { - "id" : "ba7e040b-9462-489a-9467-965f69ae1025", - "name" : "manage-users", - "description" : "${role_manage-users}", - "composite" : false, - "clientRole" : true, - "containerId" : "4e6525e9-647c-4c80-85d6-9c13890b0ab2", - "attributes" : { } - }, { - "id" : "b473aa2e-d49d-4ba5-b502-8d38db9dc81e", - "name" : "view-authorization", - "description" : "${role_view-authorization}", - "composite" : false, - "clientRole" : true, - "containerId" : "4e6525e9-647c-4c80-85d6-9c13890b0ab2", - "attributes" : { } - } ], - "account" : [ { - "id" : "dba0e0ba-f826-49df-a378-031e5fbcfd13", - "name" : "view-applications", - "description" : "${role_view-applications}", - "composite" : false, - "clientRole" : true, - "containerId" : "bc61d6b7-6876-4193-9881-1b994596a207", - "attributes" : { } - }, { - "id" : "5d9f0b2a-55bb-4cda-ab2d-67b77cf925f0", - "name" : "view-consent", - "description" : "${role_view-consent}", - "composite" : false, - "clientRole" : true, - "containerId" : "bc61d6b7-6876-4193-9881-1b994596a207", - "attributes" : { } - }, { - "id" : "f58a3fc3-9fbd-4308-8528-cee3d267fc74", - "name" : "manage-account", - "description" : "${role_manage-account}", - "composite" : true, - "composites" : { - "client" : { - "account" : [ "manage-account-links" ] - } + { + "id": "9a357bd3-2c73-40ea-ac09-399a9f7cc9f8", + "name": "api-manager", + "composite": false, + "clientRole": true, + "containerId": "f333c5e5-fba2-48e8-aab7-7b6862881202", + "attributes": {} }, - "clientRole" : true, - "containerId" : "bc61d6b7-6876-4193-9881-1b994596a207", - "attributes" : { } - }, { - "id" : "b84c29be-1b56-4b8e-be2c-1b5153d8b1aa", - "name" : "view-profile", - "description" : "${role_view-profile}", - "composite" : false, - "clientRole" : true, - "containerId" : "bc61d6b7-6876-4193-9881-1b994596a207", - "attributes" : { } - }, { - "id" : "baccbb7e-8777-4ff5-9d1a-491b61f6d87f", - "name" : "manage-consent", - "description" : "${role_manage-consent}", - "composite" : true, - "composites" : { - 
"client" : { - "account" : [ "view-consent" ] - } + { + "id": "2c0e0832-4a1e-411b-a8f9-8f86096c3968", + "name": "developer", + "composite": false, + "clientRole": true, + "containerId": "f333c5e5-fba2-48e8-aab7-7b6862881202", + "attributes": {} + } + ], + "gwa-api": [ + { + "id": "a50b2fc6-ea49-46d8-9716-683f3a764f5d", + "name": "developer", + "composite": false, + "clientRole": true, + "containerId": "c002b2b1-0ca8-4fd6-896e-6d2e3395a345", + "attributes": {} + }, + { + "id": "0c1c2230-24d4-4199-af35-bed6a1044c70", + "name": "api-admin", + "composite": false, + "clientRole": true, + "containerId": "c002b2b1-0ca8-4fd6-896e-6d2e3395a345", + "attributes": {} + }, + { + "id": "409fcd4e-54ab-4e19-bdc5-ef8059721e22", + "name": "uma_protection", + "composite": false, + "clientRole": true, + "containerId": "c002b2b1-0ca8-4fd6-896e-6d2e3395a345", + "attributes": {} + }, + { + "id": "8d387de9-3d53-4a69-9cb4-d5d285926029", + "name": "api-owner", + "composite": false, + "clientRole": true, + "containerId": "c002b2b1-0ca8-4fd6-896e-6d2e3395a345", + "attributes": {} + } + ], + "aps-v2-realm": [ + { + "id": "a7ff1dc9-1214-4757-861b-453b204e460f", + "name": "manage-events", + "description": "${role_manage-events}", + "composite": false, + "clientRole": true, + "containerId": "62f2227e-e1ac-4c74-b278-1eab7f7664ae", + "attributes": {} + }, + { + "id": "faf54935-32bc-4e01-b0e6-8b9bb1cae6e8", + "name": "query-realms", + "description": "${role_query-realms}", + "composite": false, + "clientRole": true, + "containerId": "62f2227e-e1ac-4c74-b278-1eab7f7664ae", + "attributes": {} + }, + { + "id": "2272fc44-5c1d-465d-9608-6b4612e26755", + "name": "impersonation", + "description": "${role_impersonation}", + "composite": false, + "clientRole": true, + "containerId": "62f2227e-e1ac-4c74-b278-1eab7f7664ae", + "attributes": {} + }, + { + "id": "fecb856f-8db8-4432-9f11-6b3426372a9c", + "name": "create-client", + "description": "${role_create-client}", + "composite": false, + "clientRole": true, 
+ "containerId": "62f2227e-e1ac-4c74-b278-1eab7f7664ae", + "attributes": {} + }, + { + "id": "dd8c065c-fcd9-4f58-8dad-ec6100cbcbdf", + "name": "view-authorization", + "description": "${role_view-authorization}", + "composite": false, + "clientRole": true, + "containerId": "62f2227e-e1ac-4c74-b278-1eab7f7664ae", + "attributes": {} + }, + { + "id": "ec6f0230-82ae-4713-8d21-fc97214042d9", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "62f2227e-e1ac-4c74-b278-1eab7f7664ae", + "attributes": {} + }, + { + "id": "f33e3aa2-0b3e-4397-9968-82be07d68f40", + "name": "manage-realm", + "description": "${role_manage-realm}", + "composite": false, + "clientRole": true, + "containerId": "62f2227e-e1ac-4c74-b278-1eab7f7664ae", + "attributes": {} + }, + { + "id": "d08507c5-eb84-4d60-93f6-7c72f01536e7", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, + "clientRole": true, + "containerId": "62f2227e-e1ac-4c74-b278-1eab7f7664ae", + "attributes": {} + }, + { + "id": "46d331cb-9fac-45af-b5ba-25bf003b9281", + "name": "manage-clients", + "description": "${role_manage-clients}", + "composite": false, + "clientRole": true, + "containerId": "62f2227e-e1ac-4c74-b278-1eab7f7664ae", + "attributes": {} + }, + { + "id": "77c0c84d-427b-4d73-a185-6bf3108ff9a2", + "name": "view-identity-providers", + "description": "${role_view-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "62f2227e-e1ac-4c74-b278-1eab7f7664ae", + "attributes": {} + }, + { + "id": "3a3f1c10-0d53-4a25-8bb8-46121f304af4", + "name": "query-groups", + "description": "${role_query-groups}", + "composite": false, + "clientRole": true, + "containerId": "62f2227e-e1ac-4c74-b278-1eab7f7664ae", + "attributes": {} + }, + { + "id": "12b4667f-1cb1-408d-bb8f-9905edea4fee", + "name": "view-events", + "description": "${role_view-events}", + "composite": false, + 
"clientRole": true, + "containerId": "62f2227e-e1ac-4c74-b278-1eab7f7664ae", + "attributes": {} + }, + { + "id": "99fcf818-a472-4ed1-8b23-d86a54156cf3", + "name": "view-users", + "description": "${role_view-users}", + "composite": true, + "composites": { + "client": { + "aps-v2-realm": ["query-groups", "query-users"] + } + }, + "clientRole": true, + "containerId": "62f2227e-e1ac-4c74-b278-1eab7f7664ae", + "attributes": {} + }, + { + "id": "e2bdd89b-1b4c-448e-b4a5-cc1196918e85", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": false, + "clientRole": true, + "containerId": "62f2227e-e1ac-4c74-b278-1eab7f7664ae", + "attributes": {} + }, + { + "id": "8eecebf6-489f-4924-8afc-d40de58260a5", + "name": "view-clients", + "description": "${role_view-clients}", + "composite": true, + "composites": { + "client": { + "aps-v2-realm": ["query-clients"] + } + }, + "clientRole": true, + "containerId": "62f2227e-e1ac-4c74-b278-1eab7f7664ae", + "attributes": {} + }, + { + "id": "a93e05d2-ca5c-46e7-bd66-f98f915fdc30", + "name": "query-clients", + "description": "${role_query-clients}", + "composite": false, + "clientRole": true, + "containerId": "62f2227e-e1ac-4c74-b278-1eab7f7664ae", + "attributes": {} + }, + { + "id": "8016bdc5-4da8-4416-b6ef-fee7796cc8c2", + "name": "manage-authorization", + "description": "${role_manage-authorization}", + "composite": false, + "clientRole": true, + "containerId": "62f2227e-e1ac-4c74-b278-1eab7f7664ae", + "attributes": {} + }, + { + "id": "4c0f70bf-59c5-4878-a14a-eb658ea9ad4b", + "name": "view-realm", + "description": "${role_view-realm}", + "composite": false, + "clientRole": true, + "containerId": "62f2227e-e1ac-4c74-b278-1eab7f7664ae", + "attributes": {} + } + ], + "sa-platform-e0000000-fa46551361b4": [], + "security-admin-console": [], + "sa-platform1-e0000000-5be82156d61f": [], + "admin-cli": [], + "account-console": [], + "broker": [ + { + "id": "8a00a2b3-fc3b-4b7d-aee1-1b3e46507b20", + "name": "read-token", + 
"description": "${role_read-token}", + "composite": false, + "clientRole": true, + "containerId": "db7f58dc-c007-4e4c-ad7b-14f57a0521cd", + "attributes": {} + } + ], + "master-realm": [ + { + "id": "a04656f4-d096-4cff-91f4-9b9f286c768d", + "name": "query-realms", + "description": "${role_query-realms}", + "composite": false, + "clientRole": true, + "containerId": "4e6525e9-647c-4c80-85d6-9c13890b0ab2", + "attributes": {} + }, + { + "id": "cccc1d8a-1a88-4a60-aff7-f7e5ec751f3f", + "name": "view-identity-providers", + "description": "${role_view-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "4e6525e9-647c-4c80-85d6-9c13890b0ab2", + "attributes": {} + }, + { + "id": "be5bcb8d-7466-402f-b289-6be26f961b0b", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "4e6525e9-647c-4c80-85d6-9c13890b0ab2", + "attributes": {} + }, + { + "id": "e62d2ea1-fb57-41ae-ad8d-17ee8fb7356b", + "name": "manage-authorization", + "description": "${role_manage-authorization}", + "composite": false, + "clientRole": true, + "containerId": "4e6525e9-647c-4c80-85d6-9c13890b0ab2", + "attributes": {} + }, + { + "id": "f7247d9b-c35d-43dc-a10e-f1ce0cbc80fb", + "name": "view-events", + "description": "${role_view-events}", + "composite": false, + "clientRole": true, + "containerId": "4e6525e9-647c-4c80-85d6-9c13890b0ab2", + "attributes": {} + }, + { + "id": "be5fe2ea-0119-4eb4-a2c8-dae5eb3fd308", + "name": "manage-clients", + "description": "${role_manage-clients}", + "composite": false, + "clientRole": true, + "containerId": "4e6525e9-647c-4c80-85d6-9c13890b0ab2", + "attributes": {} + }, + { + "id": "3b1d6088-a992-4f81-b43b-5f71854ef3a4", + "name": "view-users", + "description": "${role_view-users}", + "composite": true, + "composites": { + "client": { + "master-realm": ["query-users", "query-groups"] + } + }, + "clientRole": true, + "containerId": 
"4e6525e9-647c-4c80-85d6-9c13890b0ab2", + "attributes": {} + }, + { + "id": "d7cd3f01-b2e9-42b0-be8c-ef438932096c", + "name": "impersonation", + "description": "${role_impersonation}", + "composite": false, + "clientRole": true, + "containerId": "4e6525e9-647c-4c80-85d6-9c13890b0ab2", + "attributes": {} + }, + { + "id": "42fe78c7-3bb9-430d-a78d-013b95b31d0c", + "name": "create-client", + "description": "${role_create-client}", + "composite": false, + "clientRole": true, + "containerId": "4e6525e9-647c-4c80-85d6-9c13890b0ab2", + "attributes": {} + }, + { + "id": "c4c4b2b9-41a6-46c0-852e-5fb8ed755348", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, + "clientRole": true, + "containerId": "4e6525e9-647c-4c80-85d6-9c13890b0ab2", + "attributes": {} }, - "clientRole" : true, - "containerId" : "bc61d6b7-6876-4193-9881-1b994596a207", - "attributes" : { } - }, { - "id" : "a1e4af9d-431f-4e0f-87c1-d6c24f0a61e0", - "name" : "manage-account-links", - "description" : "${role_manage-account-links}", - "composite" : false, - "clientRole" : true, - "containerId" : "bc61d6b7-6876-4193-9881-1b994596a207", - "attributes" : { } - } ], - "cypress-auth-profile" : [ { - "id" : "7e5fbfc1-4818-4736-9a47-21d35b3304c2", - "name" : "uma_protection", - "composite" : false, - "clientRole" : true, - "containerId" : "50c78923-95d9-4083-87ff-5233f2d6326e", - "attributes" : { } - } ] + { + "id": "c257a266-eba8-4469-8d9a-f171f489354c", + "name": "query-clients", + "description": "${role_query-clients}", + "composite": false, + "clientRole": true, + "containerId": "4e6525e9-647c-4c80-85d6-9c13890b0ab2", + "attributes": {} + }, + { + "id": "7e584743-ffe9-45e8-8f5b-722e07034141", + "name": "query-groups", + "description": "${role_query-groups}", + "composite": false, + "clientRole": true, + "containerId": "4e6525e9-647c-4c80-85d6-9c13890b0ab2", + "attributes": {} + }, + { + "id": "70aad632-dd34-46e8-813a-398914dd31c9", + "name": "view-realm", + "description": 
"${role_view-realm}", + "composite": false, + "clientRole": true, + "containerId": "4e6525e9-647c-4c80-85d6-9c13890b0ab2", + "attributes": {} + }, + { + "id": "6855b67a-f23d-40c9-a597-c98261e27ce4", + "name": "view-clients", + "description": "${role_view-clients}", + "composite": true, + "composites": { + "client": { + "master-realm": ["query-clients"] + } + }, + "clientRole": true, + "containerId": "4e6525e9-647c-4c80-85d6-9c13890b0ab2", + "attributes": {} + }, + { + "id": "0725918a-6335-4556-aafa-ff6c3fb87989", + "name": "manage-realm", + "description": "${role_manage-realm}", + "composite": false, + "clientRole": true, + "containerId": "4e6525e9-647c-4c80-85d6-9c13890b0ab2", + "attributes": {} + }, + { + "id": "0d2640b7-461c-4c21-8270-064f5423ae74", + "name": "manage-events", + "description": "${role_manage-events}", + "composite": false, + "clientRole": true, + "containerId": "4e6525e9-647c-4c80-85d6-9c13890b0ab2", + "attributes": {} + }, + { + "id": "ba7e040b-9462-489a-9467-965f69ae1025", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": false, + "clientRole": true, + "containerId": "4e6525e9-647c-4c80-85d6-9c13890b0ab2", + "attributes": {} + }, + { + "id": "b473aa2e-d49d-4ba5-b502-8d38db9dc81e", + "name": "view-authorization", + "description": "${role_view-authorization}", + "composite": false, + "clientRole": true, + "containerId": "4e6525e9-647c-4c80-85d6-9c13890b0ab2", + "attributes": {} + } + ], + "account": [ + { + "id": "dba0e0ba-f826-49df-a378-031e5fbcfd13", + "name": "view-applications", + "description": "${role_view-applications}", + "composite": false, + "clientRole": true, + "containerId": "bc61d6b7-6876-4193-9881-1b994596a207", + "attributes": {} + }, + { + "id": "5d9f0b2a-55bb-4cda-ab2d-67b77cf925f0", + "name": "view-consent", + "description": "${role_view-consent}", + "composite": false, + "clientRole": true, + "containerId": "bc61d6b7-6876-4193-9881-1b994596a207", + "attributes": {} + }, + { + "id": 
"f58a3fc3-9fbd-4308-8528-cee3d267fc74", + "name": "manage-account", + "description": "${role_manage-account}", + "composite": true, + "composites": { + "client": { + "account": ["manage-account-links"] + } + }, + "clientRole": true, + "containerId": "bc61d6b7-6876-4193-9881-1b994596a207", + "attributes": {} + }, + { + "id": "b84c29be-1b56-4b8e-be2c-1b5153d8b1aa", + "name": "view-profile", + "description": "${role_view-profile}", + "composite": false, + "clientRole": true, + "containerId": "bc61d6b7-6876-4193-9881-1b994596a207", + "attributes": {} + }, + { + "id": "baccbb7e-8777-4ff5-9d1a-491b61f6d87f", + "name": "manage-consent", + "description": "${role_manage-consent}", + "composite": true, + "composites": { + "client": { + "account": ["view-consent"] + } + }, + "clientRole": true, + "containerId": "bc61d6b7-6876-4193-9881-1b994596a207", + "attributes": {} + }, + { + "id": "a1e4af9d-431f-4e0f-87c1-d6c24f0a61e0", + "name": "manage-account-links", + "description": "${role_manage-account-links}", + "composite": false, + "clientRole": true, + "containerId": "bc61d6b7-6876-4193-9881-1b994596a207", + "attributes": {} + } + ], + "cypress-auth-profile": [ + { + "id": "7e5fbfc1-4818-4736-9a47-21d35b3304c2", + "name": "uma_protection", + "composite": false, + "clientRole": true, + "containerId": "50c78923-95d9-4083-87ff-5233f2d6326e", + "attributes": {} + } + ] } }, - "groups" : [ { - "id" : "b0944059-43fc-4dbc-9037-d25e01ae6c45", - "name" : "ns", - "path" : "/ns", - "attributes" : { }, - "realmRoles" : [ ], - "clientRoles" : { }, - "subGroups" : [ { - "id" : "5c875007-2e0e-4c01-8418-143e2a420722", - "name" : "platform", - "path" : "/ns/platform", - "attributes" : { - "org-unit" : [ "planning-and-innovation-division" ], - "org" : [ "ministry-of-health" ] + "groups": [ + { + "id": "b0944059-43fc-4dbc-9037-d25e01ae6c45", + "name": "ns", + "path": "/ns", + "attributes": {}, + "realmRoles": [], + "clientRoles": {}, + "subGroups": [ + { + "id": 
"5c875007-2e0e-4c01-8418-143e2a420722", + "name": "platform", + "path": "/ns/platform", + "attributes": { + "org-unit": ["planning-and-innovation-division"], + "org": ["ministry-of-health"], + "perm-protected-ns": ["allow"] + }, + "realmRoles": [], + "clientRoles": {}, + "subGroups": [] + }, + { + "id": "1c875007-2e0e-4c01-8418-143e2a420722", + "name": "platform1", + "path": "/ns/platform1", + "attributes": {}, + "realmRoles": [], + "clientRoles": {}, + "subGroups": [] + }, + { + "id": "2c875007-2e0e-4c01-8418-143e2a420722", + "name": "platform2", + "path": "/ns/platform2", + "attributes": {}, + "realmRoles": [], + "clientRoles": {}, + "subGroups": [] + } + ] + }, + { + "id": "6a0b857d-3951-444d-823e-193bf9f12f67", + "name": "organization-admin", + "path": "/organization-admin", + "attributes": {}, + "realmRoles": [], + "clientRoles": {}, + "subGroups": [ + { + "id": "17434902-eda6-4d6a-a366-2dbfdbf3866c", + "name": "ca.bc.gov", + "path": "/organization-admin/ca.bc.gov", + "attributes": {}, + "realmRoles": [], + "clientRoles": {}, + "subGroups": [ + { + "id": "711b0078-fb8c-4ce9-aa50-06a690360508", + "name": "ministry-of-health", + "path": "/organization-admin/ca.bc.gov/ministry-of-health", + "attributes": {}, + "realmRoles": [], + "clientRoles": {}, + "subGroups": [ + { + "id": "614278c5-b60c-4101-9986-3d031720dec0", + "name": "planning-and-innovation-division", + "path": "/organization-admin/ca.bc.gov/ministry-of-health/planning-and-innovation-division", + "attributes": {}, + "realmRoles": [], + "clientRoles": {}, + "subGroups": [] + } + ] + } + ] + } + ] + } + ], + "defaultRoles": ["uma_authorization", "offline_access"], + "requiredCredentials": ["password"], + "otpPolicyType": "totp", + "otpPolicyAlgorithm": "HmacSHA1", + "otpPolicyInitialCounter": 0, + "otpPolicyDigits": 6, + "otpPolicyLookAheadWindow": 1, + "otpPolicyPeriod": 30, + "otpSupportedApplications": ["FreeOTP", "Google Authenticator"], + "webAuthnPolicyRpEntityName": "keycloak", + 
"webAuthnPolicySignatureAlgorithms": ["ES256"], + "webAuthnPolicyRpId": "", + "webAuthnPolicyAttestationConveyancePreference": "not specified", + "webAuthnPolicyAuthenticatorAttachment": "not specified", + "webAuthnPolicyRequireResidentKey": "not specified", + "webAuthnPolicyUserVerificationRequirement": "not specified", + "webAuthnPolicyCreateTimeout": 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyAcceptableAaguids": [], + "webAuthnPolicyPasswordlessRpEntityName": "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms": ["ES256"], + "webAuthnPolicyPasswordlessRpId": "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", + "webAuthnPolicyPasswordlessCreateTimeout": 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyPasswordlessAcceptableAaguids": [], + "users": [ + { + "id": "bf498a7b-b6e0-49bb-9ea8-0241d7792c01", + "createdTimestamp": 1642463435902, + "username": "220469e037c84a7abdfab15204a60701@olduser", + "enabled": true, + "totp": false, + "emailVerified": false, + "firstName": "oldF", + "lastName": "userL", + "email": "olduser@testmail.com", + "attributes": { + "provider_user_guid": ["220469E037C84A7ABDFAB15204A60701"], + "identity_provider": ["idir"], + "display_name": ["oldF userL"], + "provider_username": ["olduser"] + }, + "credentials": [ + { + "id": "6aa0a7ca-c2ad-43f5-9bdb-3f58693b2c01", + "type": "password", + "createdDate": 1642466403247, + "secretData": "{\"value\":\"ltS/DMUYOCSmZZRbf7rYFTpLa9cqQDewFO1jwRPczU99leiyGtOCsbdAPRmSvLVhOLnzqvcaua3B17ej2d6/7w==\",\"salt\":\"ZrR/QMSRwruFRU5FsPUgHQ==\"}", + "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" + } + ], + "disableableCredentialTypes": [], + 
"requiredActions": [], + "realmRoles": [ + "uma_authorization", + "aps-admin", + "offline_access", + "api-owner" + ], + "clientRoles": { + "account": ["manage-account", "view-profile"] }, - "realmRoles" : [ ], - "clientRoles" : { }, - "subGroups" : [ ] - } ] - }, { - "id" : "6a0b857d-3951-444d-823e-193bf9f12f67", - "name" : "organization-admin", - "path" : "/organization-admin", - "attributes" : { }, - "realmRoles" : [ ], - "clientRoles" : { }, - "subGroups" : [ { - "id" : "17434902-eda6-4d6a-a366-2dbfdbf3866c", - "name" : "ca.bc.gov", - "path" : "/organization-admin/ca.bc.gov", - "attributes" : { }, - "realmRoles" : [ ], - "clientRoles" : { }, - "subGroups" : [ { - "id" : "711b0078-fb8c-4ce9-aa50-06a690360508", - "name" : "ministry-of-health", - "path" : "/organization-admin/ca.bc.gov/ministry-of-health", - "attributes" : { }, - "realmRoles" : [ ], - "clientRoles" : { }, - "subGroups" : [ { - "id" : "614278c5-b60c-4101-9986-3d031720dec0", - "name" : "planning-and-innovation-division", - "path" : "/organization-admin/ca.bc.gov/ministry-of-health/planning-and-innovation-division", - "attributes" : { }, - "realmRoles" : [ ], - "clientRoles" : { }, - "subGroups" : [ ] - } ] - } ] - } ] - } ], - "defaultRoles" : [ "uma_authorization", "offline_access" ], - "requiredCredentials" : [ "password" ], - "otpPolicyType" : "totp", - "otpPolicyAlgorithm" : "HmacSHA1", - "otpPolicyInitialCounter" : 0, - "otpPolicyDigits" : 6, - "otpPolicyLookAheadWindow" : 1, - "otpPolicyPeriod" : 30, - "otpSupportedApplications" : [ "FreeOTP", "Google Authenticator" ], - "webAuthnPolicyRpEntityName" : "keycloak", - "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], - "webAuthnPolicyRpId" : "", - "webAuthnPolicyAttestationConveyancePreference" : "not specified", - "webAuthnPolicyAuthenticatorAttachment" : "not specified", - "webAuthnPolicyRequireResidentKey" : "not specified", - "webAuthnPolicyUserVerificationRequirement" : "not specified", - "webAuthnPolicyCreateTimeout" : 0, - 
"webAuthnPolicyAvoidSameAuthenticatorRegister" : false, - "webAuthnPolicyAcceptableAaguids" : [ ], - "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], - "webAuthnPolicyPasswordlessRpId" : "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", - "webAuthnPolicyPasswordlessCreateTimeout" : 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, - "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], - "users" : [ { - "id" : "bf498a7b-b6e0-49bb-9ea8-0241d7792c01", - "createdTimestamp" : 1642463435902, - "username" : "220469e037c84a7abdfab15204a60701@olduser", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "oldF", - "lastName" : "userL", - "email" : "olduser@testmail.com", - "attributes" : { - "provider_user_guid" : [ "220469E037C84A7ABDFAB15204A60701" ], - "identity_provider" : [ "idir" ], - "display_name" : [ "oldF userL" ], - "provider_username" : [ "olduser" ] + "notBefore": 0, + "groups": [] }, - "credentials" : [ { - "id" : "6aa0a7ca-c2ad-43f5-9bdb-3f58693b2c01", - "type" : "password", - "createdDate" : 1642466403247, - "secretData" : "{\"value\":\"ltS/DMUYOCSmZZRbf7rYFTpLa9cqQDewFO1jwRPczU99leiyGtOCsbdAPRmSvLVhOLnzqvcaua3B17ej2d6/7w==\",\"salt\":\"ZrR/QMSRwruFRU5FsPUgHQ==\"}", - "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" - } ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "realmRoles" : [ "uma_authorization", "aps-admin", "offline_access", "api-owner" ], - "clientRoles" : { - "account" : [ "manage-account", "view-profile" ] + { + "id": "03ff1b38-197b-465f-854a-b64f56b13356", + "createdTimestamp": 1625085370528, + "username": "awsummer@idir", + 
"enabled": true, + "totp": false, + "emailVerified": false, + "firstName": "Awesome", + "lastName": "Summers", + "email": "awsummers@gmail.com", + "attributes": { + "provider_user_guid": ["110469E037C84A7XXXXAB15204XX0701"], + "identity_provider": ["idir"], + "display_name": ["awesome summers"], + "provider_username": ["awsummers"] + }, + "credentials": [ + { + "id": "fa2ee157-09ea-466e-b9f6-378fd6f4dcdc", + "type": "password", + "createdDate": 1625085504863, + "secretData": "{\"value\":\"Fg8F1kRC03xAi3dyLPoH7K0TDGGfN9FKkcG6gGobAkyZtqtfShgjhGB1DSBZdXXirK27lHHYv+ZTqpAf87uhuA==\",\"salt\":\"TD5LnQBeAReu7LfJ2bnWMQ==\"}", + "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" + } + ], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": ["uma_authorization", "offline_access", "api-owner"], + "clientRoles": { + "account": ["manage-account", "view-profile"] + }, + "notBefore": 0, + "groups": [] }, - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : "03ff1b38-197b-465f-854a-b64f56b13356", - "createdTimestamp" : 1625085370528, - "username" : "awsummer@idir", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "Awesome", - "lastName" : "Summers", - "email" : "awsummers@gmail.com", - "credentials" : [ { - "id" : "fa2ee157-09ea-466e-b9f6-378fd6f4dcdc", - "type" : "password", - "createdDate" : 1625085504863, - "secretData" : "{\"value\":\"Fg8F1kRC03xAi3dyLPoH7K0TDGGfN9FKkcG6gGobAkyZtqtfShgjhGB1DSBZdXXirK27lHHYv+ZTqpAf87uhuA==\",\"salt\":\"TD5LnQBeAReu7LfJ2bnWMQ==\"}", - "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" - } ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "realmRoles" : [ "uma_authorization", "offline_access", "api-owner" ], - "clientRoles" : { - "account" : [ "manage-account", "view-profile" ] + { + "id": "d46a85d7-0f70-4e37-be54-780c0fb4ac0a", + "createdTimestamp": 1671484159521, + "username": "benny@idir", + "enabled": true, + 
"totp": false, + "emailVerified": false, + "firstName": "Benny", + "lastName": "Andersson", + "email": "benny@test.com", + "attributes": { + "provider_user_guid": ["220469E037C84A7ABDFAB15204A607C5"], + "identity_provider": ["idir"], + "display_name": ["benny@idir"], + "provider_username": ["benny"] + }, + "credentials": [ + { + "id": "00f5d5cd-61d2-4d6c-9d0f-8ba4ad49affe", + "type": "password", + "createdDate": 1671484173178, + "secretData": "{\"value\":\"jnbRhIykJhlF3MGTmQQAcCffzXiiUGY+4/CroCAJeGG07NzWw1VxQbCYjaGu+AaqZ9PFrNlxBoMqhMIrvDXSrA==\",\"salt\":\"2roPSuib0r/NQyLW3JIl0g==\"}", + "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" + } + ], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": ["uma_authorization", "offline_access"], + "clientRoles": { + "account": ["manage-account", "view-profile"] + }, + "notBefore": 0, + "groups": ["/organization-admin/ca.bc.gov"] }, - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : "d46a85d7-0f70-4e37-be54-780c0fb4ac0a", - "createdTimestamp" : 1671484159521, - "username" : "benny@idir", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "Benny", - "lastName" : "Andersson", - "email" : "benny@test.com", - "attributes" : { - "provider_user_guid" : [ "220469E037C84A7ABDFAB15204A607C5" ], - "identity_provider" : [ "idir" ], - "display_name" : [ "benny@idir" ], - "provider_username" : [ "benny" ] + { + "id": "f6296cb0-a7c4-45fc-88ff-c1da793ff981", + "createdTimestamp": 1642463544967, + "username": "harley", + "enabled": true, + "totp": false, + "emailVerified": false, + "firstName": "Harley", + "lastName": "Jones", + "email": "harley@test.com", + "credentials": [ + { + "id": "0cc94c77-49c1-4e9c-b224-66dc661c06b5", + "type": "password", + "createdDate": 1642466431391, + "secretData": "{\"value\":\"AxeI0+khXUu1TqFB+I89x9KSQCBo2KZLGPyYXvLSkQlu/lMSfw7QEp0S3+i364FuzHYRCwAC2GVCjrAiOiyHVg==\",\"salt\":\"GJZIGYazPq+sEMRAO2AtRA==\"}", + "credentialData": 
"{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" + } + ], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": ["uma_authorization", "offline_access"], + "clientRoles": { + "account": ["manage-account", "view-profile"] + }, + "notBefore": 0, + "groups": [] }, - "credentials" : [ { - "id" : "00f5d5cd-61d2-4d6c-9d0f-8ba4ad49affe", - "type" : "password", - "createdDate" : 1671484173178, - "secretData" : "{\"value\":\"jnbRhIykJhlF3MGTmQQAcCffzXiiUGY+4/CroCAJeGG07NzWw1VxQbCYjaGu+AaqZ9PFrNlxBoMqhMIrvDXSrA==\",\"salt\":\"2roPSuib0r/NQyLW3JIl0g==\"}", - "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" - } ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "realmRoles" : [ "uma_authorization", "offline_access" ], - "clientRoles" : { - "account" : [ "manage-account", "view-profile" ] + { + "id": "bf498a7b-b6e0-49bb-9ea8-0241d7792fe2", + "createdTimestamp": 1642463435902, + "username": "janis@idir", + "enabled": true, + "totp": false, + "emailVerified": false, + "firstName": "Janis", + "lastName": "Smith", + "email": "janis@testmail.com", + "attributes": { + "provider_user_guid": ["220469E037C84A7ABDFAB15204A607C5"], + "identity_provider": ["idir"], + "display_name": ["Janis@idir"], + "provider_username": ["janis"] + }, + "credentials": [ + { + "id": "6aa0a7ca-c2ad-43f5-9bdb-3f58693b28bc", + "type": "password", + "createdDate": 1642466403247, + "secretData": "{\"value\":\"ltS/DMUYOCSmZZRbf7rYFTpLa9cqQDewFO1jwRPczU99leiyGtOCsbdAPRmSvLVhOLnzqvcaua3B17ej2d6/7w==\",\"salt\":\"ZrR/QMSRwruFRU5FsPUgHQ==\"}", + "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" + } + ], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "uma_authorization", + "aps-admin", + "offline_access", + "api-owner" + ], + "clientRoles": { + "account": ["manage-account", "view-profile"] + }, + "notBefore": 0, + "groups": [] }, - "notBefore" : 0, - "groups" : [ 
"/organization-admin/ca.bc.gov" ] - }, { - "id" : "f6296cb0-a7c4-45fc-88ff-c1da793ff981", - "createdTimestamp" : 1642463544967, - "username" : "harley", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "Harley", - "lastName" : "Jones", - "email" : "harley@test.com", - "credentials" : [ { - "id" : "0cc94c77-49c1-4e9c-b224-66dc661c06b5", - "type" : "password", - "createdDate" : 1642466431391, - "secretData" : "{\"value\":\"AxeI0+khXUu1TqFB+I89x9KSQCBo2KZLGPyYXvLSkQlu/lMSfw7QEp0S3+i364FuzHYRCwAC2GVCjrAiOiyHVg==\",\"salt\":\"GJZIGYazPq+sEMRAO2AtRA==\"}", - "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" - } ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "realmRoles" : [ "uma_authorization", "offline_access" ], - "clientRoles" : { - "account" : [ "manage-account", "view-profile" ] + { + "id": "7f9dcdfc-6100-4ec8-ba3f-8bd26d184585", + "createdTimestamp": 1623537499547, + "username": "local", + "enabled": true, + "totp": false, + "emailVerified": false, + "firstName": "local F", + "lastName": "local L", + "email": "local@development.me", + "credentials": [ + { + "id": "4ea10252-fd5d-476c-9e75-896230209ba5", + "type": "password", + "createdDate": 1623537499592, + "secretData": "{\"value\":\"BuAJdiavdBRkL23vKkpx9Ua1jKeLagEd/AkExhMM5Npt5l9Q3HO3Z/Ksxen+TBGh0JZDMxpfHArCp7xaAaUThw==\",\"salt\":\"ASKUBGyIEAcGPJaCnkpk+A==\"}", + "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" + } + ], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "uma_authorization", + "offline_access", + "api-owner", + "admin" + ], + "clientRoles": { + "account": ["manage-account", "view-profile"] + }, + "notBefore": 0, + "groups": [] }, - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : "bf498a7b-b6e0-49bb-9ea8-0241d7792fe2", - "createdTimestamp" : 1642463435902, - "username" : "janis@idir", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - 
"firstName" : "Janis", - "lastName" : "Smith", - "email" : "janis@testmail.com", - "attributes" : { - "provider_user_guid" : [ "220469E037C84A7ABDFAB15204A607C5" ], - "identity_provider" : [ "idir" ], - "display_name" : [ "Janis@idir" ], - "provider_username" : [ "janis" ] + { + "id": "0cb6367d-605d-44ef-a15a-a180e5773bc2", + "createdTimestamp": 1638573942042, + "username": "mark@idir", + "enabled": true, + "totp": false, + "emailVerified": false, + "firstName": "Mark F", + "lastName": "Mark L", + "email": "mark@gmail.com", + "attributes": { + "provider_user_guid": ["220469E037C84A7ABDFAB15204A607C5"], + "identity_provider": ["idir"], + "display_name": ["mark@idir"], + "provider_username": ["mark"] + }, + "credentials": [ + { + "id": "51f9551c-700c-48a4-a8c9-741089fc8123", + "type": "password", + "createdDate": 1638573942161, + "secretData": "{\"value\":\"I1XjV+HZkoHcNhSOHbICpyAlzyGyeqp/kPuIMvjcRP8oCD5x1FimGeZ8PISATtgcAq+QaSz3jx/ntodr3LbxOw==\",\"salt\":\"1Exw3iFjhc8E6DprXFm26w==\"}", + "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" + } + ], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "uma_authorization", + "offline_access", + "api-manager", + "admin" + ], + "clientRoles": { + "account": ["manage-account", "view-profile"] + }, + "notBefore": 0, + "groups": [] }, - "credentials" : [ { - "id" : "6aa0a7ca-c2ad-43f5-9bdb-3f58693b28bc", - "type" : "password", - "createdDate" : 1642466403247, - "secretData" : "{\"value\":\"ltS/DMUYOCSmZZRbf7rYFTpLa9cqQDewFO1jwRPczU99leiyGtOCsbdAPRmSvLVhOLnzqvcaua3B17ej2d6/7w==\",\"salt\":\"ZrR/QMSRwruFRU5FsPUgHQ==\"}", - "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" - } ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "realmRoles" : [ "uma_authorization", "aps-admin", "offline_access", "api-owner" ], - "clientRoles" : { - "account" : [ "manage-account", "view-profile" ] + { + "id": 
"bf498a7b-b6e0-49bb-9ea8-0241d7792f01", + "createdTimestamp": 1642463435902, + "username": "olduser@idir", + "enabled": true, + "totp": false, + "emailVerified": false, + "firstName": "oldF", + "lastName": "userL", + "email": "olduser@testmail.com", + "attributes": { + "provider_user_guid": ["220469E037C84A7ABDFAB15204A60701"], + "identity_provider": ["idir"], + "display_name": ["oldF userL"], + "provider_username": ["olduser@idir"] + }, + "credentials": [ + { + "id": "6aa0a7ca-c2ad-43f5-9bdb-3f58693b2801", + "type": "password", + "createdDate": 1642466403247, + "secretData": "{\"value\":\"ltS/DMUYOCSmZZRbf7rYFTpLa9cqQDewFO1jwRPczU99leiyGtOCsbdAPRmSvLVhOLnzqvcaua3B17ej2d6/7w==\",\"salt\":\"ZrR/QMSRwruFRU5FsPUgHQ==\"}", + "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" + } + ], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "uma_authorization", + "aps-admin", + "offline_access", + "api-owner" + ], + "clientRoles": { + "account": ["manage-account", "view-profile"] + }, + "notBefore": 0, + "groups": [] }, - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : "7f9dcdfc-6100-4ec8-ba3f-8bd26d184585", - "createdTimestamp" : 1623537499547, - "username" : "local", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "local F", - "lastName" : "local L", - "email" : "local@development.me", - "credentials" : [ { - "id" : "4ea10252-fd5d-476c-9e75-896230209ba5", - "type" : "password", - "createdDate" : 1623537499592, - "secretData" : "{\"value\":\"BuAJdiavdBRkL23vKkpx9Ua1jKeLagEd/AkExhMM5Npt5l9Q3HO3Z/Ksxen+TBGh0JZDMxpfHArCp7xaAaUThw==\",\"salt\":\"ASKUBGyIEAcGPJaCnkpk+A==\"}", - "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" - } ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "realmRoles" : [ "uma_authorization", "offline_access", "api-owner", "admin" ], - "clientRoles" : { - "account" : [ "manage-account", "view-profile" ] + { + "id": 
"dcd4bf36-c332-4888-a768-ae67d1207ccb", + "createdTimestamp": 1623445150804, + "username": "service-account-aps-portal", + "enabled": true, + "totp": false, + "emailVerified": false, + "serviceAccountClientId": "aps-portal", + "credentials": [], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": ["uma_authorization", "offline_access"], + "clientRoles": { + "account": ["manage-account", "view-profile"] + }, + "notBefore": 0, + "groups": [] }, - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : "0cb6367d-605d-44ef-a15a-a180e5773bc2", - "createdTimestamp" : 1638573942042, - "username" : "mark@idir", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "Mark F", - "lastName" : "Mark L", - "email" : "mark@gmail.com", - "attributes" : { - "provider_user_guid" : [ "220469E037C84A7ABDFAB15204A607C5" ], - "identity_provider" : [ "idir" ], - "display_name" : [ "mark@idir" ], - "provider_username" : [ "mark" ] + { + "id": "0b87eb7b-28cd-43ec-b1fc-9c6b7ba12c9c", + "createdTimestamp": 1640110055487, + "username": "service-account-cypress-auth-profile", + "enabled": true, + "totp": false, + "emailVerified": false, + "serviceAccountClientId": "cypress-auth-profile", + "credentials": [], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": ["uma_authorization", "offline_access"], + "clientRoles": { + "master-realm": [ + "manage-clients", + "view-users", + "create-client", + "manage-users" + ], + "account": ["manage-account", "view-profile"], + "cypress-auth-profile": ["uma_protection"] + }, + "notBefore": 0, + "groups": [] }, - "credentials" : [ { - "id" : "51f9551c-700c-48a4-a8c9-741089fc8123", - "type" : "password", - "createdDate" : 1638573942161, - "secretData" : "{\"value\":\"I1XjV+HZkoHcNhSOHbICpyAlzyGyeqp/kPuIMvjcRP8oCD5x1FimGeZ8PISATtgcAq+QaSz3jx/ntodr3LbxOw==\",\"salt\":\"1Exw3iFjhc8E6DprXFm26w==\"}", - "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" - } ], - 
"disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "realmRoles" : [ "uma_authorization", "offline_access", "api-manager", "admin" ], - "clientRoles" : { - "account" : [ "manage-account", "view-profile" ] + { + "id": "08e76239-85ee-4d2b-ac51-1fe737496fe8", + "createdTimestamp": 1625089066378, + "username": "service-account-gwa-api", + "enabled": true, + "totp": false, + "emailVerified": false, + "serviceAccountClientId": "gwa-api", + "credentials": [], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": ["uma_authorization", "offline_access"], + "clientRoles": { + "gwa-api": ["uma_protection"], + "master-realm": [ + "manage-clients", + "view-users", + "create-client", + "manage-users", + "manage-authorization" + ], + "account": ["manage-account", "view-profile"] + }, + "notBefore": 0, + "groups": [] }, - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : "bf498a7b-b6e0-49bb-9ea8-0241d7792f01", - "createdTimestamp" : 1642463435902, - "username" : "olduser@idir", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "oldF", - "lastName" : "userL", - "email" : "olduser@testmail.com", - "attributes" : { - "provider_user_guid" : [ "220469E037C84A7ABDFAB15204A60701" ], - "identity_provider" : [ "idir" ], - "display_name" : [ "oldF userL" ], - "provider_username" : [ "olduser@idir" ] + { + "id": "c795236e-fb09-4b4e-93e0-8bffb7dda7b3", + "createdTimestamp": 1650644631111, + "username": "service-account-sa-platform1-e0000000-5be82156d61f", + "enabled": true, + "totp": false, + "emailVerified": false, + "serviceAccountClientId": "sa-platform1-e0000000-5be82156d61f", + "credentials": [], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": ["uma_authorization", "offline_access"], + "clientRoles": { + "account": ["manage-account", "view-profile"] + }, + "notBefore": 0, + "groups": [] }, - "credentials" : [ { - "id" : "6aa0a7ca-c2ad-43f5-9bdb-3f58693b2801", - "type" : "password", - 
"createdDate" : 1642466403247, - "secretData" : "{\"value\":\"ltS/DMUYOCSmZZRbf7rYFTpLa9cqQDewFO1jwRPczU99leiyGtOCsbdAPRmSvLVhOLnzqvcaua3B17ej2d6/7w==\",\"salt\":\"ZrR/QMSRwruFRU5FsPUgHQ==\"}", - "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" - } ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "realmRoles" : [ "uma_authorization", "aps-admin", "offline_access", "api-owner" ], - "clientRoles" : { - "account" : [ "manage-account", "view-profile" ] + { + "id": "54adc719-3687-4886-9a7c-18c719a31014", + "createdTimestamp": 1651510581479, + "username": "service-account-sa-platform-e0000000-fa46551361b4", + "enabled": true, + "totp": false, + "emailVerified": false, + "serviceAccountClientId": "sa-platform-e0000000-fa46551361b4", + "credentials": [], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": ["uma_authorization", "offline_access"], + "clientRoles": { + "account": ["manage-account", "view-profile"] + }, + "notBefore": 0, + "groups": [] }, - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : "dcd4bf36-c332-4888-a768-ae67d1207ccb", - "createdTimestamp" : 1623445150804, - "username" : "service-account-aps-portal", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "serviceAccountClientId" : "aps-portal", - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "realmRoles" : [ "uma_authorization", "offline_access" ], - "clientRoles" : { - "account" : [ "manage-account", "view-profile" ] + { + "id": "106ae49e-2334-4147-9f59-cd1ef50dab3b", + "createdTimestamp": 1645047852963, + "username": "wendy@idir", + "enabled": true, + "totp": false, + "emailVerified": false, + "firstName": "Wendy F", + "lastName": "Wendy L", + "email": "wendy@test.com", + "attributes": { + "provider_user_guid": ["220469E037C84A7ABDFAB15204A607C5"], + "identity_provider": ["idir"], + "display_name": ["wendy@idir"], + "provider_username": ["wendy"] + }, + "credentials": [ 
+ { + "id": "879b81f9-8dc9-40b2-afb5-805afc4e7e4d", + "type": "password", + "createdDate": 1645047984782, + "secretData": "{\"value\":\"itMDSu6kUt6bNPEHYdg9zH7jc2avU6W3JYTa/gNen7kGXGkanthdm60CWJ3E3lVnkBqniON8ntmnrNqSnOJv2g==\",\"salt\":\"kB81qbXXeMnX7k3DSvBmvQ==\"}", + "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" + } + ], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": ["uma_authorization", "credential-admin", "offline_access"], + "clientRoles": { + "account": ["manage-account", "view-profile"] + }, + "notBefore": 0, + "groups": [] + } + ], + "scopeMappings": [ + { + "clientScope": "offline_access", + "roles": ["offline_access"] + } + ], + "clientScopeMappings": { + "account": [ + { + "client": "account-console", + "roles": ["manage-account"] + } + ] + }, + "clients": [ + { + "id": "bc61d6b7-6876-4193-9881-1b994596a207", + "clientId": "account", + "name": "${client_account}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/master/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "defaultRoles": ["manage-account", "view-profile"], + "redirectUris": ["/realms/master/account/*"], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "role_list", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] }, - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : 
"0b87eb7b-28cd-43ec-b1fc-9c6b7ba12c9c", - "createdTimestamp" : 1640110055487, - "username" : "service-account-cypress-auth-profile", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "serviceAccountClientId" : "cypress-auth-profile", - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "realmRoles" : [ "uma_authorization", "offline_access" ], - "clientRoles" : { - "master-realm" : [ "manage-clients", "view-users", "create-client", "manage-users" ], - "account" : [ "manage-account", "view-profile" ], - "cypress-auth-profile" : [ "uma_protection" ] + { + "id": "0f7cdb03-8ae1-46a1-b97d-c7e8f8094517", + "clientId": "account-console", + "name": "${client_account-console}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/master/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": ["/realms/master/account/*"], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "7d9f3625-b978-4996-a063-12552470c586", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + } + ], + "defaultClientScopes": [ + "web-origins", + "role_list", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] }, - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : 
"08e76239-85ee-4d2b-ac51-1fe737496fe8", - "createdTimestamp" : 1625089066378, - "username" : "service-account-gwa-api", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "serviceAccountClientId" : "gwa-api", - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "realmRoles" : [ "uma_authorization", "offline_access" ], - "clientRoles" : { - "gwa-api" : [ "uma_protection" ], - "master-realm" : [ "manage-clients", "view-users", "create-client", "manage-users", "manage-authorization" ], - "account" : [ "manage-account", "view-profile" ] + { + "id": "4221af6b-3bc7-4685-8c69-e1ba30303101", + "clientId": "admin-cli", + "name": "${client_admin-cli}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "role_list", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] }, - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : "c795236e-fb09-4b4e-93e0-8bffb7dda7b3", - "createdTimestamp" : 1650644631111, - "username" : "service-account-sa-platform1-e0000000-5be82156d61f", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "serviceAccountClientId" : "sa-platform1-e0000000-5be82156d61f", - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "realmRoles" : [ "uma_authorization", "offline_access" 
], - "clientRoles" : { - "account" : [ "manage-account", "view-profile" ] + { + "id": "f333c5e5-fba2-48e8-aab7-7b6862881202", + "clientId": "aps-portal", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "8e1a17ed-cb93-4806-ac32-e303d1c86018", + "redirectUris": ["http://*", "https://*"], + "webOrigins": ["*"], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": true, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "saml.assertion.signature": "false", + "saml.force.post.binding": "false", + "saml.multivalued.roles": "false", + "saml.encrypt": "false", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "exclude.session.state.from.auth.response": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "tls.client.certificate.bound.access.tokens": "false", + "saml.authnstatement": "false", + "display.on.consent.screen": "false", + "saml.onetimeuse.condition": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "390fa558-2b62-4399-adfb-e2ec96784813", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + }, + { + "id": "8df082aa-710d-4be7-b396-22223a710e84", + "name": "display_name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + 
"user.attribute": "display_name", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "display_name", + "userinfo.token.claim": "true" + } + }, + { + "id": "8df082aa-710d-4be7-b396-00023a710e84", + "name": "provider_user_guid", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "user.attribute": "provider_user_guid", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "provider_user_guid", + "userinfo.token.claim": "true" + } + }, + { + "id": "8df082aa-710d-4be7-b396-11123a710e84", + "name": "provider_username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "user.attribute": "provider_username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "provider_username", + "userinfo.token.claim": "true" + } + }, + { + "id": "8df082aa-710d-4be7-b396-87323a710e84", + "name": "identity_provider", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "user.attribute": "identity_provider", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "identity_provider", + "userinfo.token.claim": "true" + } + }, + { + "id": "d9196236-636f-4459-ac3b-2b0f9b87681d", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientId", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientId", + "jsonType.label": "String" + } + }, + { + "id": "f088eda3-2a14-45a4-8e91-1f669152a6e3", + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": 
"clientAddress", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "Namespace.Create", + "role_list", + "roles", + "Namespace.Admin", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] }, - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : "54adc719-3687-4886-9a7c-18c719a31014", - "createdTimestamp" : 1651510581479, - "username" : "service-account-sa-platform-e0000000-fa46551361b4", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "serviceAccountClientId" : "sa-platform-e0000000-fa46551361b4", - "credentials" : [ ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "realmRoles" : [ "uma_authorization", "offline_access" ], - "clientRoles" : { - "account" : [ "manage-account", "view-profile" ] + { + "id": "62f2227e-e1ac-4c74-b278-1eab7f7664ae", + "clientId": "aps-v2-realm", + "name": "aps-v2 Realm", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "role_list", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] }, - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : "106ae49e-2334-4147-9f59-cd1ef50dab3b", - 
"createdTimestamp" : 1645047852963, - "username" : "wendy@idir", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "Wendy F", - "lastName" : "Wendy L", - "email" : "wendy@test.com", - "attributes" : { - "provider_user_guid" : [ "220469E037C84A7ABDFAB15204A607C5" ], - "identity_provider" : [ "idir" ], - "display_name" : [ "wendy@idir" ], - "provider_username" : [ "wendy" ] + { + "id": "db7f58dc-c007-4e4c-ad7b-14f57a0521cd", + "clientId": "broker", + "name": "${client_broker}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "role_list", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] }, - "credentials" : [ { - "id" : "879b81f9-8dc9-40b2-afb5-805afc4e7e4d", - "type" : "password", - "createdDate" : 1645047984782, - "secretData" : "{\"value\":\"itMDSu6kUt6bNPEHYdg9zH7jc2avU6W3JYTa/gNen7kGXGkanthdm60CWJ3E3lVnkBqniON8ntmnrNqSnOJv2g==\",\"salt\":\"kB81qbXXeMnX7k3DSvBmvQ==\"}", - "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" - } ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "realmRoles" : [ "uma_authorization", "credential-admin", "offline_access" ], - "clientRoles" : { - "account" : [ "manage-account", "view-profile" ] + { + "id": "50c78923-95d9-4083-87ff-5233f2d6326e", + "clientId": 
"cypress-auth-profile", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "43badfc1-c06f-4bec-bab6-ccdc764071ac", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": true, + "authorizationServicesEnabled": true, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "saml.assertion.signature": "false", + "saml.force.post.binding": "false", + "saml.multivalued.roles": "false", + "saml.encrypt": "false", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "exclude.session.state.from.auth.response": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "tls.client.certificate.bound.access.tokens": "false", + "saml.authnstatement": "false", + "display.on.consent.screen": "false", + "saml.onetimeuse.condition": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "e5b7aae4-4667-40a4-bef5-34abb759e338", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + }, + { + "id": "6d728625-6d5e-4363-90cc-e3b68baa756a", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientId", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": 
"true", + "claim.name": "clientId", + "jsonType.label": "String" + } + }, + { + "id": "bbf72323-f9f4-44c1-8088-df564fe7b494", + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "role_list", + "Namespace.Create", + "Namespace.Admin", + "roles", + "profile", + "System.Write", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ], + "authorizationSettings": { + "allowRemoteResourceManagement": true, + "policyEnforcementMode": "ENFORCING", + "resources": [ + { + "name": "Default Resource", + "type": "urn:cypress-auth-profile:resources:default", + "ownerManagedAccess": false, + "attributes": {}, + "_id": "8543a438-ee7e-44b7-aa28-aef951b65f2f", + "uris": ["/*"] + } + ], + "policies": [ + { + "id": "34e0a630-d6fa-499c-b7b7-bca8b6ef70f6", + "name": "Default Policy", + "description": "A policy that grants access only for users within this realm", + "type": "js", + "logic": "POSITIVE", + "decisionStrategy": "AFFIRMATIVE", + "config": { + "code": "// by default, grants any permission associated with this policy\n$evaluation.grant();\n" + } + }, + { + "id": "a1bbc96c-4248-4f32-8bec-59569165bcb8", + "name": "Default Permission", + "description": "A permission that applies to the default resource type", + "type": "resource", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", + "config": { + "defaultResourceType": "urn:cypress-auth-profile:resources:default", + "applyPolicies": "[\"Default Policy\"]" + } + } + ], + "scopes": [], + "decisionStrategy": "UNANIMOUS" + } }, - "notBefore" : 0, - "groups" : [ ] - } ], - "scopeMappings" : [ { - "clientScope" : 
"offline_access", - "roles" : [ "offline_access" ] - } ], - "clientScopeMappings" : { - "account" : [ { - "client" : "account-console", - "roles" : [ "manage-account" ] - } ] - }, - "clients" : [ { - "id" : "bc61d6b7-6876-4193-9881-1b994596a207", - "clientId" : "account", - "name" : "${client_account}", - "rootUrl" : "${authBaseUrl}", - "baseUrl" : "/realms/master/account/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "**********", - "defaultRoles" : [ "manage-account", "view-profile" ], - "redirectUris" : [ "/realms/master/account/*" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "0f7cdb03-8ae1-46a1-b97d-c7e8f8094517", - "clientId" : "account-console", - "name" : "${client_account-console}", - "rootUrl" : "${authBaseUrl}", - "baseUrl" : "/realms/master/account/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "**********", - "redirectUris" : [ "/realms/master/account/*" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - 
"protocol" : "openid-connect", - "attributes" : { - "pkce.code.challenge.method" : "S256" + { + "id": "c002b2b1-0ca8-4fd6-896e-6d2e3395a345", + "clientId": "gwa-api", + "rootUrl": "https://gwa-api-gov-bc-ca.dev.api.gov.bc.ca", + "adminUrl": "https://gwa-api-gov-bc-ca.dev.api.gov.bc.ca", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "18900468-3db1-43f7-a8af-e75f079eb742", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": true, + "authorizationServicesEnabled": true, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "saml.assertion.signature": "false", + "saml.force.post.binding": "false", + "saml.multivalued.roles": "false", + "saml.encrypt": "false", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "exclude.session.state.from.auth.response": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "tls.client.certificate.bound.access.tokens": "false", + "saml.authnstatement": "false", + "display.on.consent.screen": "false", + "saml.onetimeuse.condition": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "4f2fdd5d-7cd7-427b-bce3-60ac808570da", + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" + } + }, + { + "id": "3ef8dcec-57b5-4217-9991-c3144ffafc19", 
+ "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + }, + { + "id": "9e857953-1628-4deb-a568-9a59af3c985f", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientId", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientId", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "Namespace.Create", + "role_list", + "roles", + "Namespace.Admin", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ], + "authorizationSettings": { + "allowRemoteResourceManagement": true, + "policyEnforcementMode": "ENFORCING", + "resources": [ + { + "name": "Default Resource", + "type": "urn:gwa-api:resources:default", + "ownerManagedAccess": false, + "attributes": {}, + "_id": "054b9d22-ce05-4b1c-86bf-424eb7f3ca13", + "uris": ["/*"] + }, + { + "name": "platform1", + "type": "namespace", + "ownerManagedAccess": true, + "attributes": {}, + "_id": "fa9f93b8-b1c1-45ab-ad65-672befbdaedc", + "uris": [], + "scopes": [ + { + "name": "GatewayConfig.Publish" + }, + { + "name": "Namespace.Manage" + }, + { + "name": "Access.Manage" + }, + { + "name": "Content.Publish" + }, + { + "name": "Namespace.View" + }, + { + "name": "CredentialIssuer.Admin" + } + ] + }, + { + "name": "platform2", + "type": "namespace", + "ownerManagedAccess": true, + "attributes": {}, + "_id": "c6ad734c-6d8f-4b90-bcf9-cb9c19eadc22", + "uris": [], + "scopes": [ + { + "name": "GatewayConfig.Publish" + }, + { + "name": "Namespace.Manage" + 
}, + { + "name": "Access.Manage" + }, + { + "name": "Content.Publish" + }, + { + "name": "Namespace.View" + }, + { + "name": "CredentialIssuer.Admin" + } + ] + }, + { + "name": "platform", + "type": "namespace", + "ownerManagedAccess": true, + "attributes": {}, + "_id": "501a70b7-546a-43f3-8992-a4c170f0bab7", + "uris": [], + "scopes": [ + { + "name": "GatewayConfig.Publish" + }, + { + "name": "Namespace.Manage" + }, + { + "name": "Access.Manage" + }, + { + "name": "Content.Publish" + }, + { + "name": "Namespace.View" + }, + { + "name": "CredentialIssuer.Admin" + } + ] + }, + { + "name": "org/ca.bc.gov", + "type": "organization", + "ownerManagedAccess": true, + "displayName": "org/ca.bc.gov", + "attributes": {}, + "_id": "228c26be-3ef4-43d6-92ec-8441ebf5887c", + "uris": [], + "scopes": [ + { + "name": "GroupAccess.Manage" + } + ] + }, + { + "name": "org/ministry-of-health", + "type": "organization", + "ownerManagedAccess": true, + "attributes": {}, + "_id": "2367ab08-6c6e-42e4-b1db-3a86de3a028d", + "uris": [], + "scopes": [ + { + "name": "GroupAccess.Manage" + }, + { + "name": "Dataset.Manage" + }, + { + "name": "Namespace.Assign" + } + ] + }, + { + "name": "org/planning-and-innovation-division", + "type": "organization", + "ownerManagedAccess": true, + "attributes": {}, + "_id": "032644b7-a3a0-489e-bda3-193bd14d861a", + "uris": [], + "scopes": [ + { + "name": "GroupAccess.Manage" + }, + { + "name": "Dataset.Manage" + }, + { + "name": "Namespace.Assign" + } + ] + } + ], + "policies": [ + { + "id": "35dcd837-d215-4036-84fe-452605b0a065", + "name": "Default Policy", + "description": "A policy that grants access only for users within this realm", + "type": "js", + "logic": "POSITIVE", + "decisionStrategy": "AFFIRMATIVE", + "config": { + "code": "// by default, grants any permission associated with this policy\n$evaluation.grant();\n" + } + }, + { + "id": "ca06ef6c-d7f8-42c9-b0d6-0c9be85c1cc1", + "name": "janis", + "type": "user", + "logic": "POSITIVE", + 
"decisionStrategy": "UNANIMOUS", + "config": { + "users": "[\"janis@idir\"]" + } + }, + { + "id": "c3848ff4-76b0-4f2d-afe9-7dfd77467fcb", + "name": "group-organization-admin-ca.bc.gov-policy", + "description": "Group '/organization-admin' / 'ca.bc.gov' Policy", + "type": "group", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", + "config": { + "groups": "[{\"path\":\"/organization-admin/ca.bc.gov\",\"extendChildren\":false},{\"path\":\"/organization-admin\",\"extendChildren\":false}]" + } + }, + { + "id": "6f49c571-fbbb-4f86-a72a-c1591a446bb3", + "name": "group-organization-admin-ca.bc.gov-ministry-of-health-policy", + "description": "Group '/organization-admin/ca.bc.gov' / 'ministry-of-health' Policy", + "type": "group", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", + "config": { + "groups": "[{\"path\":\"/organization-admin/ca.bc.gov/ministry-of-health\",\"extendChildren\":false},{\"path\":\"/organization-admin/ca.bc.gov\",\"extendChildren\":false},{\"path\":\"/organization-admin\",\"extendChildren\":false}]" + } + }, + { + "id": "99fdf1a9-d5ec-48c7-a2cd-1ddeb130b058", + "name": "group-organization-admin-ca.bc.gov-ministry-of-health-planning-and-innovation-division-policy", + "description": "Group '/organization-admin/ca.bc.gov/ministry-of-health' / 'planning-and-innovation-division' Policy", + "type": "group", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", + "config": { + "groups": "[{\"path\":\"/organization-admin/ca.bc.gov/ministry-of-health/planning-and-innovation-division\",\"extendChildren\":false},{\"path\":\"/organization-admin\",\"extendChildren\":false},{\"path\":\"/organization-admin/ca.bc.gov\",\"extendChildren\":false},{\"path\":\"/organization-admin/ca.bc.gov/ministry-of-health\",\"extendChildren\":false}]" + } + }, + { + "id": "31be7436-e9d8-42a3-b42e-69a1869a7eea", + "name": "Default Permission", + "description": "A permission that applies to the default resource type", + "type": "resource", + "logic": "POSITIVE", + 
"decisionStrategy": "UNANIMOUS", + "config": { + "defaultResourceType": "urn:gwa-api:resources:default", + "applyPolicies": "[\"Default Policy\"]" + } + }, + { + "id": "65f0c0a4-e2ac-4364-800d-ebd4e11ce393", + "name": "janis full access", + "type": "scope", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", + "config": { + "scopes": "[\"GroupAccess.Manage\",\"Namespace.Assign\"]", + "applyPolicies": "[\"janis\"]" + } + }, + { + "id": "854f0dfe-952d-48f8-9d53-d49b0b4ed122", + "name": "Access to 'org/ca.bc.gov' services for role organization-admin", + "type": "scope", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", + "config": { + "resources": "[\"org/ca.bc.gov\"]", + "scopes": "[\"GroupAccess.Manage\"]", + "applyPolicies": "[\"group-organization-admin-ca.bc.gov-policy\"]" + } + }, + { + "id": "3f934d3f-d231-48fc-9f5a-924da7808989", + "name": "Access to 'org/ministry-of-health' services for role organization-admin", + "type": "scope", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", + "config": { + "resources": "[\"org/ministry-of-health\"]", + "scopes": "[\"Dataset.Manage\",\"GroupAccess.Manage\",\"Namespace.Assign\"]", + "applyPolicies": "[\"group-organization-admin-ca.bc.gov-ministry-of-health-policy\"]" + } + }, + { + "id": "56a4857d-a0be-472c-85d0-2dca93a1fdac", + "name": "Access to 'org/planning-and-innovation-division' services for role organization-admin", + "type": "scope", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", + "config": { + "resources": "[\"org/planning-and-innovation-division\"]", + "scopes": "[\"Dataset.Manage\",\"GroupAccess.Manage\",\"Namespace.Assign\"]", + "applyPolicies": "[\"group-organization-admin-ca.bc.gov-ministry-of-health-planning-and-innovation-division-policy\"]" + } + }, + { + "id": "f2e764aa-c355-4e81-a5e6-e76ffb86041f", + "name": "Access to 'platform' services for role organization-admin", + "type": "scope", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", + "config": { + 
"resources": "[\"platform\"]", + "scopes": "[\"Namespace.View\"]", + "applyPolicies": "[\"group-organization-admin-ca.bc.gov-ministry-of-health-planning-and-innovation-division-policy\"]" + } + } + ], + "scopes": [ + { + "id": "6871ce8b-5d5f-455b-86ff-7cf5940930eb", + "name": "Namespace.Manage" + }, + { + "id": "0006d34f-1416-4ffb-ad1f-39ebf63f9556", + "name": "Namespace.View" + }, + { + "id": "a4d424c9-7331-4715-96a9-ecfd1dd0cf2c", + "name": "GatewayConfig.Publish" + }, + { + "id": "fd403d7f-1dfb-4673-8ab3-5e1ff7797b35", + "name": "Access.Manage" + }, + { + "id": "0f98e35d-c2c3-4781-bf85-478bf06cfa24", + "name": "Content.Publish" + }, + { + "id": "dfc132ca-aa87-40b5-bc33-3e972a88f638", + "name": "CredentialIssuer.Admin" + }, + { + "id": "95893c25-6b83-4e59-9518-a25568d95542", + "name": "GroupAccess.Manage", + "iconUri": "", + "displayName": "GroupAccess.Manage" + }, + { + "id": "b0b007b1-1ecb-4b3f-9f0c-41b3fa34754c", + "name": "Dataset.Manage" + }, + { + "id": "f3bf8d43-54a4-4594-aeea-f61b99411f92", + "name": "Namespace.Assign" + } + ], + "decisionStrategy": "AFFIRMATIVE" + } }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { - "id" : "7d9f3625-b978-4996-a063-12552470c586", - "name" : "audience resolve", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-audience-resolve-mapper", - "consentRequired" : false, - "config" : { } - } ], - "defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "4221af6b-3bc7-4685-8c69-e1ba30303101", - "clientId" : "admin-cli", - "name" : "${client_admin-cli}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "**********", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, 
- "consentRequired" : false, - "standardFlowEnabled" : false, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : true, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "f333c5e5-fba2-48e8-aab7-7b6862881202", - "clientId" : "aps-portal", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "8e1a17ed-cb93-4806-ac32-e303d1c86018", - "redirectUris" : [ "http://*", "https://*" ], - "webOrigins" : [ "*" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : true, - "serviceAccountsEnabled" : true, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "saml.assertion.signature" : "false", - "saml.force.post.binding" : "false", - "saml.multivalued.roles" : "false", - "saml.encrypt" : "false", - "saml.server.signature" : "false", - "saml.server.signature.keyinfo.ext" : "false", - "exclude.session.state.from.auth.response" : "false", - "saml_force_name_id_format" : "false", - "saml.client.signature" : "false", - "tls.client.certificate.bound.access.tokens" : "false", - "saml.authnstatement" : "false", - "display.on.consent.screen" : "false", - "saml.onetimeuse.condition" : "false" + { + "id": "f009e508-9d81-4893-a786-d6227e6fab2c", + "clientId": "gwa-cli", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + 
"redirectUris": ["http://*", "https://*"], + "webOrigins": ["*"], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "saml.assertion.signature": "false", + "id.token.as.detached.signature": "false", + "saml.force.post.binding": "false", + "saml.multivalued.roles": "false", + "saml.encrypt": "false", + "oauth2.device.authorization.grant.enabled": "true", + "saml.server.signature": "false", + "backchannel.logout.revoke.offline.tokens": "false", + "saml.server.signature.keyinfo.ext": "false", + "use.refresh.tokens": "true", + "exclude.session.state.from.auth.response": "false", + "oidc.ciba.grant.enabled": "false", + "saml.artifact.binding": "false", + "backchannel.logout.session.required": "true", + "client_credentials.use_refresh_token": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "tls.client.certificate.bound.access.tokens": "false", + "require.pushed.authorization.requests": "false", + "saml.authnstatement": "false", + "display.on.consent.screen": "false", + "saml.onetimeuse.condition": "false", + "oauth2.device.polling.interval": "5" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "a9360947-ab7a-42be-b541-0880bc4cc4e4", + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" + } + }, + { + "id": "bfe325cb-7c78-44e6-92c5-b7cd3d04fee6", + "name": "Client ID", + 
"protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientId", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientId", + "jsonType.label": "String" + } + }, + { + "id": "99fd4f31-3fc0-4f1c-84b0-90d5039fb9c6", + "name": "display_name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "user.attribute": "display_name", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "display_name", + "userinfo.token.claim": "true" + } + }, + { + "id": "e65a486d-dd60-487c-8a17-c474027697a8", + "name": "provider_user_guid", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "user.attribute": "provider_user_guid", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "provider_user_guid", + "userinfo.token.claim": "true" + } + }, + { + "id": "d6f6e39e-af05-4010-bd73-13015244b864", + "name": "provider_username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "user.attribute": "provider_username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "provider_username", + "userinfo.token.claim": "true" + } + }, + { + "id": "f147f8bf-aee1-45d0-a504-53d232f41c3a", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + }, + { + "id": "36487098-a6a1-4dfb-b91b-c2bedce268eb", + "name": "identity_provider", + "protocol": 
"openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "user.attribute": "identity_provider", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "identity_provider", + "userinfo.token.claim": "true" + } + } + ], + "defaultClientScopes": [], + "optionalClientScopes": [] }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : -1, - "protocolMappers" : [ { - "id" : "390fa558-2b62-4399-adfb-e2ec96784813", - "name" : "Client Host", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "clientHost", - "userinfo.token.claim" : "true", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "clientHost", - "jsonType.label" : "String" - } - }, { - "id" : "8df082aa-710d-4be7-b396-22223a710e84", - "name" : "display_name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "user.attribute" : "display_name", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "display_name", - "userinfo.token.claim" : "true" - } - }, { - "id" : "8df082aa-710d-4be7-b396-00023a710e84", - "name" : "provider_user_guid", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "user.attribute" : "provider_user_guid", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "provider_user_guid", - "userinfo.token.claim" : "true" - } - }, { - "id" : "8df082aa-710d-4be7-b396-11123a710e84", - "name" : "provider_username", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "user.attribute" : "provider_username", - "id.token.claim" : "true", - 
"access.token.claim" : "true", - "claim.name" : "provider_username", - "userinfo.token.claim" : "true" - } - }, { - "id" : "8df082aa-710d-4be7-b396-87323a710e84", - "name" : "identity_provider", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "user.attribute" : "identity_provider", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "identity_provider", - "userinfo.token.claim" : "true" - } - }, { - "id" : "d9196236-636f-4459-ac3b-2b0f9b87681d", - "name" : "Client ID", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "clientId", - "userinfo.token.claim" : "true", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "clientId", - "jsonType.label" : "String" - } - }, { - "id" : "f088eda3-2a14-45a4-8e91-1f669152a6e3", - "name" : "Client IP Address", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "clientAddress", - "userinfo.token.claim" : "true", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "clientAddress", - "jsonType.label" : "String" + { + "id": "4e6525e9-647c-4c80-85d6-9c13890b0ab2", + "clientId": "master-realm", + "name": "master Realm", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + 
"authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "role_list", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "4bbc355d-7a87-4476-9593-7f9359dc8859", + "clientId": "sa-platform1-e0000000-5be82156d61f", + "name": "", + "description": "", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "c01a7839-2679-4cdd-96c4-173223b49ee6", + "redirectUris": ["https://*"], + "webOrigins": ["*"], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": true, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "saml.assertion.signature": "false", + "saml.multivalued.roles": "false", + "saml.force.post.binding": "false", + "saml.encrypt": "false", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "exclude.session.state.from.auth.response": "false", + "client_credentials.use_refresh_token": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "tls.client.certificate.bound.access.tokens": "false", + "saml.authnstatement": "false", + "display.on.consent.screen": "false", + "saml.onetimeuse.condition": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "d5b56ac0-01af-4241-991e-1cd25edeb739", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientId", + "userinfo.token.claim": "true", + 
"id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientId", + "jsonType.label": "String" + } + }, + { + "id": "8c119e4b-b308-41aa-be7b-91e1d299e499", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + }, + { + "id": "3ba852b4-71b8-4942-950b-80968346b0e2", + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [], + "optionalClientScopes": [] + }, + { + "id": "25ee1923-6323-4c4c-ae70-178615ace3b2", + "clientId": "sa-platform-e0000000-fa46551361b4", + "name": "", + "description": "", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "dc96e3d3-23cc-4345-aa5e-6f89b5d20c91", + "redirectUris": ["https://*"], + "webOrigins": ["*"], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": true, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "saml.assertion.signature": "false", + "saml.multivalued.roles": "false", + "saml.force.post.binding": "false", + "saml.encrypt": "false", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "exclude.session.state.from.auth.response": "false", + 
"client_credentials.use_refresh_token": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "tls.client.certificate.bound.access.tokens": "false", + "saml.authnstatement": "false", + "display.on.consent.screen": "false", + "saml.onetimeuse.condition": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "270af568-11bf-4208-bccd-58583e44f09c", + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" + } + }, + { + "id": "9dda9072-1e47-43fd-a482-6830b252ca5b", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + }, + { + "id": "a35858ac-39ad-46bc-9227-e40698049c62", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientId", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientId", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [], + "optionalClientScopes": [] + }, + { + "id": "5c797848-2f03-4085-a03a-e4f7c22d0050", + "clientId": "security-admin-console", + "name": "${client_security-admin-console}", + "rootUrl": "${authAdminUrl}", + "baseUrl": "/admin/master/console/", + "surrogateAuthRequired": false, + "enabled": true, + 
"alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": ["/admin/master/console/*"], + "webOrigins": ["+"], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "c5b453d6-73e5-40f2-bc65-375b571f7d6c", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "role_list", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + } + ], + "clientScopes": [ + { + "id": "f5d4d8e2-6e57-477a-83b0-88047af5285d", + "name": "Content.Publish", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true" } - } ], - "defaultClientScopes" : [ "web-origins", "Namespace.Create", "role_list", "roles", "Namespace.Admin", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "62f2227e-e1ac-4c74-b278-1eab7f7664ae", - "clientId" : "aps-v2-realm", - "name" : "aps-v2 Realm", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "**********", - "redirectUris" 
: [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : true, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "db7f58dc-c007-4e4c-ad7b-14f57a0521cd", - "clientId" : "broker", - "name" : "${client_broker}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "**********", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "50c78923-95d9-4083-87ff-5233f2d6326e", - "clientId" : "cypress-auth-profile", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "43badfc1-c06f-4bec-bab6-ccdc764071ac", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" 
: false, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : true, - "authorizationServicesEnabled" : true, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "saml.assertion.signature" : "false", - "saml.force.post.binding" : "false", - "saml.multivalued.roles" : "false", - "saml.encrypt" : "false", - "saml.server.signature" : "false", - "saml.server.signature.keyinfo.ext" : "false", - "exclude.session.state.from.auth.response" : "false", - "saml_force_name_id_format" : "false", - "saml.client.signature" : "false", - "tls.client.certificate.bound.access.tokens" : "false", - "saml.authnstatement" : "false", - "display.on.consent.screen" : "false", - "saml.onetimeuse.condition" : "false" }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "protocolMappers" : [ { - "id" : "e5b7aae4-4667-40a4-bef5-34abb759e338", - "name" : "Client Host", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "clientHost", - "userinfo.token.claim" : "true", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "clientHost", - "jsonType.label" : "String" + { + "id": "4f7a31ce-a48b-4816-baff-4dbc378d4a10", + "name": "Namespace.Admin", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true" } - }, { - "id" : "6d728625-6d5e-4363-90cc-e3b68baa756a", - "name" : "Client ID", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "clientId", - "userinfo.token.claim" : "true", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "clientId", - "jsonType.label" : "String" + }, + { + "id": 
"5c280525-34b7-4436-a567-ad5a75f0b093", + "name": "Namespace.Create", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true" } - }, { - "id" : "bbf72323-f9f4-44c1-8088-df564fe7b494", - "name" : "Client IP Address", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "clientAddress", - "userinfo.token.claim" : "true", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "clientAddress", - "jsonType.label" : "String" + }, + { + "id": "e78e5fd1-5ee2-4215-a5c3-a8581a19c716", + "name": "address", + "description": "OpenID Connect built-in scope: address", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${addressScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "b2a36609-2408-44fd-88ac-ef41fa62f5f4", + "name": "address", + "protocol": "openid-connect", + "protocolMapper": "oidc-address-mapper", + "consentRequired": false, + "config": { + "user.attribute.formatted": "formatted", + "user.attribute.country": "country", + "user.attribute.postal_code": "postal_code", + "userinfo.token.claim": "true", + "user.attribute.street": "street", + "id.token.claim": "true", + "user.attribute.region": "region", + "access.token.claim": "true", + "user.attribute.locality": "locality" + } + } + ] + }, + { + "id": "89e870cc-7056-4bc0-8cf2-9c961ff4a62d", + "name": "email", + "description": "OpenID Connect built-in scope: email", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${emailScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "7fb89890-a73f-4162-9ca3-e1539905ccb6", + "name": "email verified", + "protocol": "openid-connect", + "protocolMapper": 
"oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "emailVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email_verified", + "jsonType.label": "boolean" + } + }, + { + "id": "9ec60f35-65c9-4ea2-ab0e-2fc2c462d892", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "920764e0-6019-462b-bc25-f17a54562752", + "name": "microprofile-jwt", + "description": "Microprofile - JWT built-in scope", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "cd9090fd-faf4-450a-9144-3a9e04260095", + "name": "groups", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "multivalued": "true", + "userinfo.token.claim": "true", + "user.attribute": "foo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "groups", + "jsonType.label": "String" + } + }, + { + "id": "9ca3b431-06e3-43f0-9277-a6dec6ec1172", + "name": "upn", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "upn", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "bb473906-0c39-4af1-aad9-d8788dc7559f", + "name": "offline_access", + "description": "OpenID Connect built-in scope: offline_access", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": 
"${offlineAccessScopeConsentText}", + "display.on.consent.screen": "true" } - } ], - "defaultClientScopes" : [ "web-origins", "role_list", "Namespace.Create", "Namespace.Admin", "roles", "profile", "System.Write", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ], - "authorizationSettings" : { - "allowRemoteResourceManagement" : true, - "policyEnforcementMode" : "ENFORCING", - "resources" : [ { - "name" : "Default Resource", - "type" : "urn:cypress-auth-profile:resources:default", - "ownerManagedAccess" : false, - "attributes" : { }, - "_id" : "8543a438-ee7e-44b7-aa28-aef951b65f2f", - "uris" : [ "/*" ] - } ], - "policies" : [ { - "id" : "34e0a630-d6fa-499c-b7b7-bca8b6ef70f6", - "name" : "Default Policy", - "description" : "A policy that grants access only for users within this realm", - "type" : "js", - "logic" : "POSITIVE", - "decisionStrategy" : "AFFIRMATIVE", - "config" : { - "code" : "// by default, grants any permission associated with this policy\n$evaluation.grant();\n" + }, + { + "id": "e5e16f12-1b4c-47e7-9599-99ff395f359c", + "name": "phone", + "description": "OpenID Connect built-in scope: phone", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${phoneScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "8d83aa08-43a9-49f5-b1dd-caa144e2cad5", + "name": "phone number", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "phoneNumber", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number", + "jsonType.label": "String" + } + }, + { + "id": "3886e58f-d64f-4851-80f3-ae7cc5c6ab13", + "name": "phone number verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": 
{ + "userinfo.token.claim": "true", + "user.attribute": "phoneNumberVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number_verified", + "jsonType.label": "boolean" + } } - }, { - "id" : "a1bbc96c-4248-4f32-8bec-59569165bcb8", - "name" : "Default Permission", - "description" : "A permission that applies to the default resource type", - "type" : "resource", - "logic" : "POSITIVE", - "decisionStrategy" : "UNANIMOUS", - "config" : { - "defaultResourceType" : "urn:cypress-auth-profile:resources:default", - "applyPolicies" : "[\"Default Policy\"]" + ] + }, + { + "id": "f33d0489-2a52-4066-9c38-e130c02665ee", + "name": "profile", + "description": "OpenID Connect built-in scope: profile", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${profileScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "1826e2b1-380a-4c65-a73e-3bb79f519550", + "name": "website", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "website", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "website", + "jsonType.label": "String" + } + }, + { + "id": "6ea0a08a-ab42-4b45-acfc-a05f5b452cb0", + "name": "nickname", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "nickname", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "nickname", + "jsonType.label": "String" + } + }, + { + "id": "78d97855-5557-4f10-9d20-74d8ea6bdfef", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + 
"userinfo.token.claim": "true" + } + }, + { + "id": "22e60a23-914f-40bf-960d-e7a96655581d", + "name": "picture", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "picture", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "picture", + "jsonType.label": "String" + } + }, + { + "id": "e595c828-c815-4dff-bd8f-39b1eee5a3b3", + "name": "birthdate", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "birthdate", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "birthdate", + "jsonType.label": "String" + } + }, + { + "id": "cd91c70b-0856-4f5d-aeb6-9b5c3b48a966", + "name": "zoneinfo", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "zoneinfo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "zoneinfo", + "jsonType.label": "String" + } + }, + { + "id": "4ce90553-d828-4146-92e0-ee1775c9ba28", + "name": "updated at", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "updatedAt", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "updated_at", + "jsonType.label": "String" + } + }, + { + "id": "43710808-227e-4171-a106-7576f933a32b", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + 
"jsonType.label": "String" + } + }, + { + "id": "a814d5c0-bdcd-4f33-8cfd-228005f2ba94", + "name": "gender", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "gender", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "gender", + "jsonType.label": "String" + } + }, + { + "id": "df9e1465-617d-4a7b-a208-7354c6cbaada", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + }, + { + "id": "fc508e60-a978-41f1-bea2-311673b4b0a8", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "8e4641a3-87d3-4958-8113-dcfa82f0ef54", + "name": "middle name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "middleName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "middle_name", + "jsonType.label": "String" + } + }, + { + "id": "ffc38939-9e10-4cf3-b4fc-65203e079a92", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + 
"jsonType.label": "String" + } + }, + { + "id": "9364fe99-268a-4a74-88aa-a120a6897e78", + "name": "profile", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "profile", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "profile", + "jsonType.label": "String" + } } - } ], - "scopes" : [ ], - "decisionStrategy" : "UNANIMOUS" - } - }, { - "id" : "c002b2b1-0ca8-4fd6-896e-6d2e3395a345", - "clientId" : "gwa-api", - "rootUrl" : "https://gwa-api-gov-bc-ca.dev.api.gov.bc.ca", - "adminUrl" : "https://gwa-api-gov-bc-ca.dev.api.gov.bc.ca", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "18900468-3db1-43f7-a8af-e75f079eb742", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : false, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : true, - "authorizationServicesEnabled" : true, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "saml.assertion.signature" : "false", - "saml.force.post.binding" : "false", - "saml.multivalued.roles" : "false", - "saml.encrypt" : "false", - "saml.server.signature" : "false", - "saml.server.signature.keyinfo.ext" : "false", - "exclude.session.state.from.auth.response" : "false", - "saml_force_name_id_format" : "false", - "saml.client.signature" : "false", - "tls.client.certificate.bound.access.tokens" : "false", - "saml.authnstatement" : "false", - "display.on.consent.screen" : "false", - "saml.onetimeuse.condition" : "false" + ] + }, + { + "id": "b5a38584-219b-4618-a3a5-70814bed867e", + "name": "role_list", + "description": "SAML role list", + "protocol": "saml", + "attributes": { + 
"consent.screen.text": "${samlRoleListScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "1a0a5251-1b3f-47b1-8cc1-07a285d6479f", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + } + ] }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "protocolMappers" : [ { - "id" : "4f2fdd5d-7cd7-427b-bce3-60ac808570da", - "name" : "Client IP Address", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "clientAddress", - "userinfo.token.claim" : "true", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "clientAddress", - "jsonType.label" : "String" + { + "id": "33bd4c0f-225f-43cb-8b6c-0bd4db702525", + "name": "roles", + "description": "OpenID Connect scope for add user roles to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "true", + "consent.screen.text": "${rolesScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "e276a79b-99cc-4f10-8d26-0e10ce245fdb", + "name": "client roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "resource_access.${client_id}.roles", + "jsonType.label": "String", + "multivalued": "true" + } + }, + { + "id": "b64cc3a2-8ed8-4dee-a13a-fef5588a5949", + "name": "realm roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": 
"realm_access.roles", + "jsonType.label": "String", + "multivalued": "true" + } + }, + { + "id": "c9828318-6d78-4aba-94ea-405f12fce589", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + } + ] + }, + { + "id": "0bfddcf3-017d-44b6-8447-297c565d5d2d", + "name": "web-origins", + "description": "OpenID Connect scope for add allowed web origins to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false", + "consent.screen.text": "" + }, + "protocolMappers": [ + { + "id": "28867dcd-803d-47a5-be90-51be8a331527", + "name": "allowed web origins", + "protocol": "openid-connect", + "protocolMapper": "oidc-allowed-origins-mapper", + "consentRequired": false, + "config": {} + } + ] + }, + { + "id": "e28fac82-4db1-4900-8096-74706a71f7f3", + "name": "System.Write", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true" } - }, { - "id" : "3ef8dcec-57b5-4217-9991-c3144ffafc19", - "name" : "Client Host", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "clientHost", - "userinfo.token.claim" : "true", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "clientHost", - "jsonType.label" : "String" + } + ], + "defaultDefaultClientScopes": [ + "web-origins", + "roles", + "Namespace.Admin", + "Namespace.Create", + "email", + "role_list", + "profile" + ], + "defaultOptionalClientScopes": [ + "microprofile-jwt", + "offline_access", + "phone", + "address" + ], + "browserSecurityHeaders": { + "contentSecurityPolicyReportOnly": "", + "xContentTypeOptions": "nosniff", + "xRobotsTag": "none", + "xFrameOptions": "SAMEORIGIN", + "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; 
object-src 'none';", + "xXSSProtection": "1; mode=block", + "strictTransportSecurity": "max-age=31536000; includeSubDomains" + }, + "smtpServer": {}, + "eventsEnabled": false, + "eventsListeners": ["jboss-logging"], + "enabledEventTypes": [], + "adminEventsEnabled": false, + "adminEventsDetailsEnabled": false, + "components": { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ + { + "id": "d7699c96-1cc0-46fe-b0fe-c72c7f7d1804", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "522f0c4c-8dfe-4421-b573-0e5723319dac", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": ["true"] + } + }, + { + "id": "2502109c-1319-4bcd-bf94-a5225239c42b", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-address-mapper", + "saml-role-list-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-full-name-mapper", + "saml-user-attribute-mapper", + "saml-user-property-mapper", + "oidc-usermodel-property-mapper" + ] + } + }, + { + "id": "013bd2ad-80e7-40fe-ba41-b90642d536cd", + "name": "Trusted Hosts", + "providerId": "trusted-hosts", + "subType": "anonymous", + "subComponents": {}, + "config": { + "host-sending-registration-request-must-match": ["true"], + "client-uris-must-match": ["true"] + } + }, + { + "id": "c0bcf5a2-ef5f-4f03-95c7-ea15f27c8cd7", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allow-default-scopes": ["true"] + } + }, + { + "id": "1157f7fe-a055-4ec3-8af8-3f809fd2fec0", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + 
"subComponents": {}, + "config": {} + }, + { + "id": "650e6c8f-8a93-4096-9d37-1aecfe000e49", + "name": "Max Clients Limit", + "providerId": "max-clients", + "subType": "anonymous", + "subComponents": {}, + "config": { + "max-clients": ["200"] + } + }, + { + "id": "93e21f15-c390-475a-865a-3f8125b1ccc9", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "saml-user-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper", + "saml-role-list-mapper", + "oidc-usermodel-property-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-address-mapper", + "saml-user-property-mapper", + "oidc-full-name-mapper", + "oidc-audience-mapper" + ] + } } - }, { - "id" : "9e857953-1628-4deb-a568-9a59af3c985f", - "name" : "Client ID", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "clientId", - "userinfo.token.claim" : "true", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "clientId", - "jsonType.label" : "String" + ], + "org.keycloak.keys.KeyProvider": [ + { + "id": "2b0c7bcb-c441-4694-8639-7175a1956655", + "name": "hmac-generated", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "kid": ["1b23b32b-bb69-4a9a-b20d-770d009ffb67"], + "active": ["true"], + "secretSize": ["64"], + "secret": [ + "FqB7weAN-07obv1h7cltkFANraOPiK3BN-x1fBR7BY3yF_tOVVy0faPtS24pbPB5VJMXrvZBVy4MvQbhPGOn-A" + ], + "priority": ["100"], + "enabled": ["true"], + "algorithm": ["HS256"] + } + }, + { + "id": "82953e3c-d927-4f6f-8b57-3b5c7b8903d6", + "name": "rsa-generated", + "providerId": "rsa-generated", + "subComponents": {}, + "config": { + "privateKey": [ + "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" + ], + "keySize": ["2048"], + "certificate": [ + 
"MIICmzCCAYMCBgF6AmA7pTANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZtYXN0ZXIwHhcNMjEwNjEyMjIzNjM5WhcNMzEwNjEyMjIzODE5WjARMQ8wDQYDVQQDDAZtYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0T4r0deDIAzYjeCbNF4AqDe6RvQuAcjTSQHPv1xMtf5peMAyXmfdxqMlm5UE+P4LLLh+bi8Hu0cxNxjlK04xxC/3kNm+aidCTB5Tzuq6p8RMtOnrrTu1R9R1GJvlb965oqpVsKLT3HBJ+0F4ccJy+i0VPP8iOdnpSX+plwPNeCgsSJpmsrPeJIWye4kRaKjMU/6E9k0RJ9HP+Op3s9wP75I7WIu0yMHkE++UHtwVYNpbDD6dQ9ueyqwtnPB0DOECNh7XvHYBp99+RlRSnWt/lVcTPxvMCgylFkOzCEb6/WNQ+DrfxvcsVqRXo+FFO8uegpGk+93MuZGC5e3G5+tAPAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAD25ZjxPFys+OAoSmgRuk4KwpTG4cLm3vEwUjD60+gvYJk3bFUgxErNv+Ax69PN4OZwMh9fdnVHRx0haVno0ULUBintRP/P0ond1mw7HB1v/i9EMpRiVoMEL8y3wV363XVw6mDrYI8Pp0OihJBKo5I1EWgaLAl+lu9YS6f3VXaASgqx1AaV6qZiXM95FOeYkjpx30cbIR6uhRAfBHz10PO//RhTCnBrjasU921qFSMH3EuvRZET0jB68FLF7uRFK+goSVrw9O+TcK6Cbh4I4GZX66ZBRW6MTTIzYNsSuSMUlGFujGcVi5+1JmJgJg76coIo7NIR68KPKyh+47Mvy9bI=" + ], + "active": ["true"], + "priority": ["100"], + "enabled": ["true"], + "algorithm": ["RS256"] + } + }, + { + "id": "4ac9540a-c5b7-48b0-b3e1-1a7887ed5414", + "name": "aes-generated", + "providerId": "aes-generated", + "subComponents": {}, + "config": { + "kid": ["8fc9ebb4-d633-4fbc-a940-43414dbb6841"], + "active": ["true"], + "secretSize": ["16"], + "secret": ["mwpmhvHuQq_qLZAKhngrjg"], + "priority": ["100"], + "enabled": ["true"] + } } - } ], - "defaultClientScopes" : [ "web-origins", "Namespace.Create", "role_list", "roles", "Namespace.Admin", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ], - "authorizationSettings" : { - "allowRemoteResourceManagement" : true, - "policyEnforcementMode" : "ENFORCING", - "resources" : [ { - "name" : "Default Resource", - "type" : "urn:gwa-api:resources:default", - "ownerManagedAccess" : false, - "attributes" : { }, - "_id" : "054b9d22-ce05-4b1c-86bf-424eb7f3ca13", - "uris" : [ "/*" ] - }, { - "name" : "platform1", - "type" : "namespace", - "ownerManagedAccess" : true, - "attributes" : 
{ }, - "_id" : "fa9f93b8-b1c1-45ab-ad65-672befbdaedc", - "uris" : [ ], - "scopes" : [ { - "name" : "GatewayConfig.Publish" - }, { - "name" : "Namespace.Manage" - }, { - "name" : "Access.Manage" - }, { - "name" : "Content.Publish" - }, { - "name" : "Namespace.View" - }, { - "name" : "CredentialIssuer.Admin" - } ] - }, { - "name" : "platform2", - "type" : "namespace", - "ownerManagedAccess" : true, - "attributes" : { }, - "_id" : "c6ad734c-6d8f-4b90-bcf9-cb9c19eadc22", - "uris" : [ ], - "scopes" : [ { - "name" : "GatewayConfig.Publish" - }, { - "name" : "Namespace.Manage" - }, { - "name" : "Access.Manage" - }, { - "name" : "Content.Publish" - }, { - "name" : "Namespace.View" - }, { - "name" : "CredentialIssuer.Admin" - } ] - }, { - "name" : "platform", - "type" : "namespace", - "ownerManagedAccess" : true, - "attributes" : { }, - "_id" : "501a70b7-546a-43f3-8992-a4c170f0bab7", - "uris" : [ ], - "scopes" : [ { - "name" : "GatewayConfig.Publish" - }, { - "name" : "Namespace.Manage" - }, { - "name" : "Access.Manage" - }, { - "name" : "Content.Publish" - }, { - "name" : "Namespace.View" - }, { - "name" : "CredentialIssuer.Admin" - } ] - }, { - "name" : "org/ca.bc.gov", - "type" : "organization", - "ownerManagedAccess" : true, - "displayName" : "org/ca.bc.gov", - "attributes" : { }, - "_id" : "228c26be-3ef4-43d6-92ec-8441ebf5887c", - "uris" : [ ], - "scopes" : [ { - "name" : "GroupAccess.Manage" - } ] - }, { - "name" : "org/ministry-of-health", - "type" : "organization", - "ownerManagedAccess" : true, - "attributes" : { }, - "_id" : "2367ab08-6c6e-42e4-b1db-3a86de3a028d", - "uris" : [ ], - "scopes" : [ { - "name" : "GroupAccess.Manage" - }, { - "name" : "Dataset.Manage" - }, { - "name" : "Namespace.Assign" - } ] - }, { - "name" : "org/planning-and-innovation-division", - "type" : "organization", - "ownerManagedAccess" : true, - "attributes" : { }, - "_id" : "032644b7-a3a0-489e-bda3-193bd14d861a", - "uris" : [ ], - "scopes" : [ { - "name" : "GroupAccess.Manage" - }, { - 
"name" : "Dataset.Manage" - }, { - "name" : "Namespace.Assign" - } ] - } ], - "policies" : [ { - "id" : "35dcd837-d215-4036-84fe-452605b0a065", - "name" : "Default Policy", - "description" : "A policy that grants access only for users within this realm", - "type" : "js", - "logic" : "POSITIVE", - "decisionStrategy" : "AFFIRMATIVE", - "config" : { - "code" : "// by default, grants any permission associated with this policy\n$evaluation.grant();\n" + ] + }, + "internationalizationEnabled": false, + "supportedLocales": [], + "authenticationFlows": [ + { + "id": "eaea4ea5-9672-4d18-be59-684a670dbdfd", + "alias": "Account verification options", + "description": "Method with which to verity the existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-email-verification", + "requirement": "ALTERNATIVE", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "requirement": "ALTERNATIVE", + "priority": 20, + "flowAlias": "Verify Existing Account by Re-authentication", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "f3b7e531-0657-457e-bcb6-bb20db1e6a0c", + "alias": "Authentication Options", + "description": "Authentication options.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "basic-auth", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "basic-auth-otp", + "requirement": "DISABLED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "auth-spnego", + "requirement": "DISABLED", + "priority": 30, + "userSetupAllowed": false, + "autheticatorFlow": false } - }, { - "id" : "ca06ef6c-d7f8-42c9-b0d6-0c9be85c1cc1", - "name" : "janis", - "type" : "user", - "logic" : "POSITIVE", - "decisionStrategy" : "UNANIMOUS", - 
"config" : { - "users" : "[\"janis@idir\"]" + ] + }, + { + "id": "fc933835-b5db-4779-b6ee-72fadd8cbc32", + "alias": "Browser - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "auth-otp-form", + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false } - }, { - "id" : "c3848ff4-76b0-4f2d-afe9-7dfd77467fcb", - "name" : "group-organization-admin-ca.bc.gov-policy", - "description" : "Group '/organization-admin' / 'ca.bc.gov' Policy", - "type" : "group", - "logic" : "POSITIVE", - "decisionStrategy" : "UNANIMOUS", - "config" : { - "groups" : "[{\"path\":\"/organization-admin/ca.bc.gov\",\"extendChildren\":false},{\"path\":\"/organization-admin\",\"extendChildren\":false}]" + ] + }, + { + "id": "c39815bc-7d19-48f6-b73b-d381979d61ea", + "alias": "Direct Grant - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "direct-grant-validate-otp", + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false } - }, { - "id" : "6f49c571-fbbb-4f86-a72a-c1591a446bb3", - "name" : "group-organization-admin-ca.bc.gov-ministry-of-health-policy", - "description" : "Group '/organization-admin/ca.bc.gov' / 'ministry-of-health' Policy", - "type" : "group", - "logic" : "POSITIVE", - "decisionStrategy" : "UNANIMOUS", - "config" : { - 
"groups" : "[{\"path\":\"/organization-admin/ca.bc.gov/ministry-of-health\",\"extendChildren\":false},{\"path\":\"/organization-admin/ca.bc.gov\",\"extendChildren\":false},{\"path\":\"/organization-admin\",\"extendChildren\":false}]" + ] + }, + { + "id": "336eaf43-de45-482e-a794-37e8fdf77cbf", + "alias": "First broker login - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "auth-otp-form", + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false } - }, { - "id" : "99fdf1a9-d5ec-48c7-a2cd-1ddeb130b058", - "name" : "group-organization-admin-ca.bc.gov-ministry-of-health-planning-and-innovation-division-policy", - "description" : "Group '/organization-admin/ca.bc.gov/ministry-of-health' / 'planning-and-innovation-division' Policy", - "type" : "group", - "logic" : "POSITIVE", - "decisionStrategy" : "UNANIMOUS", - "config" : { - "groups" : "[{\"path\":\"/organization-admin/ca.bc.gov/ministry-of-health/planning-and-innovation-division\",\"extendChildren\":false},{\"path\":\"/organization-admin\",\"extendChildren\":false},{\"path\":\"/organization-admin/ca.bc.gov\",\"extendChildren\":false},{\"path\":\"/organization-admin/ca.bc.gov/ministry-of-health\",\"extendChildren\":false}]" + ] + }, + { + "id": "a2197ac7-3f2b-4b86-8d43-b629569d6222", + "alias": "Handle Existing Account", + "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-confirm-link", + "requirement": "REQUIRED", + "priority": 10, 
+ "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "requirement": "REQUIRED", + "priority": 20, + "flowAlias": "Account verification options", + "userSetupAllowed": false, + "autheticatorFlow": true } - }, { - "id" : "31be7436-e9d8-42a3-b42e-69a1869a7eea", - "name" : "Default Permission", - "description" : "A permission that applies to the default resource type", - "type" : "resource", - "logic" : "POSITIVE", - "decisionStrategy" : "UNANIMOUS", - "config" : { - "defaultResourceType" : "urn:gwa-api:resources:default", - "applyPolicies" : "[\"Default Policy\"]" + ] + }, + { + "id": "5cc863ed-3367-41a8-bffa-0c410e4fb00d", + "alias": "Reset - Conditional OTP", + "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "reset-otp", + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false } - }, { - "id" : "65f0c0a4-e2ac-4364-800d-ebd4e11ce393", - "name" : "janis full access", - "type" : "scope", - "logic" : "POSITIVE", - "decisionStrategy" : "UNANIMOUS", - "config" : { - "scopes" : "[\"GroupAccess.Manage\",\"Namespace.Assign\"]", - "applyPolicies" : "[\"janis\"]" + ] + }, + { + "id": "d89c94eb-1441-4875-9082-72d5867ba139", + "alias": "User creation or linking", + "description": "Flow for the existing/non-existing user alternatives", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "create unique user config", + "authenticator": "idp-create-user-if-unique", + "requirement": "ALTERNATIVE", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "requirement": "ALTERNATIVE", + 
"priority": 20, + "flowAlias": "Handle Existing Account", + "userSetupAllowed": false, + "autheticatorFlow": true } - }, { - "id" : "854f0dfe-952d-48f8-9d53-d49b0b4ed122", - "name" : "Access to 'org/ca.bc.gov' services for role organization-admin", - "type" : "scope", - "logic" : "POSITIVE", - "decisionStrategy" : "UNANIMOUS", - "config" : { - "resources" : "[\"org/ca.bc.gov\"]", - "scopes" : "[\"GroupAccess.Manage\"]", - "applyPolicies" : "[\"group-organization-admin-ca.bc.gov-policy\"]" + ] + }, + { + "id": "6eb37e8d-5b94-483b-ac62-d45c224f9c33", + "alias": "Verify Existing Account by Re-authentication", + "description": "Reauthentication of existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-username-password-form", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "requirement": "CONDITIONAL", + "priority": 20, + "flowAlias": "First broker login - Conditional OTP", + "userSetupAllowed": false, + "autheticatorFlow": true } - }, { - "id" : "3f934d3f-d231-48fc-9f5a-924da7808989", - "name" : "Access to 'org/ministry-of-health' services for role organization-admin", - "type" : "scope", - "logic" : "POSITIVE", - "decisionStrategy" : "UNANIMOUS", - "config" : { - "resources" : "[\"org/ministry-of-health\"]", - "scopes" : "[\"Dataset.Manage\",\"GroupAccess.Manage\",\"Namespace.Assign\"]", - "applyPolicies" : "[\"group-organization-admin-ca.bc.gov-ministry-of-health-policy\"]" + ] + }, + { + "id": "4f39db74-1eb1-446b-aff8-247e39899452", + "alias": "browser", + "description": "browser based authentication", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-cookie", + "requirement": "ALTERNATIVE", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "auth-spnego", + "requirement": 
"DISABLED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "identity-provider-redirector", + "requirement": "ALTERNATIVE", + "priority": 25, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "requirement": "ALTERNATIVE", + "priority": 30, + "flowAlias": "forms", + "userSetupAllowed": false, + "autheticatorFlow": true } - }, { - "id" : "56a4857d-a0be-472c-85d0-2dca93a1fdac", - "name" : "Access to 'org/planning-and-innovation-division' services for role organization-admin", - "type" : "scope", - "logic" : "POSITIVE", - "decisionStrategy" : "UNANIMOUS", - "config" : { - "resources" : "[\"org/planning-and-innovation-division\"]", - "scopes" : "[\"Dataset.Manage\",\"GroupAccess.Manage\",\"Namespace.Assign\"]", - "applyPolicies" : "[\"group-organization-admin-ca.bc.gov-ministry-of-health-planning-and-innovation-division-policy\"]" + ] + }, + { + "id": "1a1fa355-84a8-4b5c-ba2e-929b719f6707", + "alias": "clients", + "description": "Base authentication for clients", + "providerId": "client-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "client-secret", + "requirement": "ALTERNATIVE", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "client-jwt", + "requirement": "ALTERNATIVE", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "client-secret-jwt", + "requirement": "ALTERNATIVE", + "priority": 30, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "client-x509", + "requirement": "ALTERNATIVE", + "priority": 40, + "userSetupAllowed": false, + "autheticatorFlow": false } - }, { - "id" : "f2e764aa-c355-4e81-a5e6-e76ffb86041f", - "name" : "Access to 'platform' services for role organization-admin", - "type" : "scope", - "logic" : "POSITIVE", - "decisionStrategy" : "UNANIMOUS", - "config" : { - "resources" : 
"[\"platform\"]", - "scopes" : "[\"Namespace.View\"]", - "applyPolicies" : "[\"group-organization-admin-ca.bc.gov-ministry-of-health-planning-and-innovation-division-policy\"]" + ] + }, + { + "id": "a40cb7dc-36d1-4c05-8c3b-3a69f971c4ed", + "alias": "direct grant", + "description": "OpenID Connect Resource Owner Grant", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "direct-grant-validate-username", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "direct-grant-validate-password", + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "requirement": "CONDITIONAL", + "priority": 30, + "flowAlias": "Direct Grant - Conditional OTP", + "userSetupAllowed": false, + "autheticatorFlow": true } - } ], - "scopes" : [ { - "id" : "6871ce8b-5d5f-455b-86ff-7cf5940930eb", - "name" : "Namespace.Manage" - }, { - "id" : "0006d34f-1416-4ffb-ad1f-39ebf63f9556", - "name" : "Namespace.View" - }, { - "id" : "a4d424c9-7331-4715-96a9-ecfd1dd0cf2c", - "name" : "GatewayConfig.Publish" - }, { - "id" : "fd403d7f-1dfb-4673-8ab3-5e1ff7797b35", - "name" : "Access.Manage" - }, { - "id" : "0f98e35d-c2c3-4781-bf85-478bf06cfa24", - "name" : "Content.Publish" - }, { - "id" : "dfc132ca-aa87-40b5-bc33-3e972a88f638", - "name" : "CredentialIssuer.Admin" - }, { - "id" : "95893c25-6b83-4e59-9518-a25568d95542", - "name" : "GroupAccess.Manage", - "iconUri" : "", - "displayName" : "GroupAccess.Manage" - }, { - "id" : "b0b007b1-1ecb-4b3f-9f0c-41b3fa34754c", - "name" : "Dataset.Manage" - }, { - "id" : "f3bf8d43-54a4-4594-aeea-f61b99411f92", - "name" : "Namespace.Assign" - } ], - "decisionStrategy" : "AFFIRMATIVE" - } - }, { - "id" : "4e6525e9-647c-4c80-85d6-9c13890b0ab2", - "clientId" : "master-realm", - "name" : "master Realm", - "surrogateAuthRequired" : false, - "enabled" : true, - 
"alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "**********", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : true, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "4bbc355d-7a87-4476-9593-7f9359dc8859", - "clientId" : "sa-platform1-e0000000-5be82156d61f", - "name" : "", - "description" : "", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "c01a7839-2679-4cdd-96c4-173223b49ee6", - "redirectUris" : [ "https://*" ], - "webOrigins" : [ "*" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : false, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : true, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "saml.assertion.signature" : "false", - "saml.multivalued.roles" : "false", - "saml.force.post.binding" : "false", - "saml.encrypt" : "false", - "saml.server.signature" : "false", - "saml.server.signature.keyinfo.ext" : "false", - "exclude.session.state.from.auth.response" : "false", - "client_credentials.use_refresh_token" : "false", - "saml_force_name_id_format" : "false", - "saml.client.signature" : "false", - "tls.client.certificate.bound.access.tokens" : "false", - "saml.authnstatement" : "false", - 
"display.on.consent.screen" : "false", - "saml.onetimeuse.condition" : "false" + ] }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : -1, - "protocolMappers" : [ { - "id" : "d5b56ac0-01af-4241-991e-1cd25edeb739", - "name" : "Client ID", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "clientId", - "userinfo.token.claim" : "true", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "clientId", - "jsonType.label" : "String" - } - }, { - "id" : "8c119e4b-b308-41aa-be7b-91e1d299e499", - "name" : "Client Host", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "clientHost", - "userinfo.token.claim" : "true", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "clientHost", - "jsonType.label" : "String" - } - }, { - "id" : "3ba852b4-71b8-4942-950b-80968346b0e2", - "name" : "Client IP Address", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "clientAddress", - "userinfo.token.claim" : "true", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "clientAddress", - "jsonType.label" : "String" - } - } ], - "defaultClientScopes" : [ ], - "optionalClientScopes" : [ ] - }, { - "id" : "25ee1923-6323-4c4c-ae70-178615ace3b2", - "clientId" : "sa-platform-e0000000-fa46551361b4", - "name" : "", - "description" : "", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "dc96e3d3-23cc-4345-aa5e-6f89b5d20c91", - "redirectUris" : [ "https://*" ], - "webOrigins" : [ "*" ], - "notBefore" : 0, - "bearerOnly" : false, - 
"consentRequired" : false, - "standardFlowEnabled" : false, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : true, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "saml.assertion.signature" : "false", - "saml.multivalued.roles" : "false", - "saml.force.post.binding" : "false", - "saml.encrypt" : "false", - "saml.server.signature" : "false", - "saml.server.signature.keyinfo.ext" : "false", - "exclude.session.state.from.auth.response" : "false", - "client_credentials.use_refresh_token" : "false", - "saml_force_name_id_format" : "false", - "saml.client.signature" : "false", - "tls.client.certificate.bound.access.tokens" : "false", - "saml.authnstatement" : "false", - "display.on.consent.screen" : "false", - "saml.onetimeuse.condition" : "false" + { + "id": "d9895dae-28c7-49a4-8e5d-35189dcb388f", + "alias": "docker auth", + "description": "Used by Docker clients to authenticate against the IDP", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "docker-http-basic-authenticator", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : -1, - "protocolMappers" : [ { - "id" : "270af568-11bf-4208-bccd-58583e44f09c", - "name" : "Client IP Address", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "clientAddress", - "userinfo.token.claim" : "true", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "clientAddress", - "jsonType.label" : "String" - } - }, { - "id" : "9dda9072-1e47-43fd-a482-6830b252ca5b", - "name" : "Client Host", - "protocol" : "openid-connect", - "protocolMapper" : 
"oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "clientHost", - "userinfo.token.claim" : "true", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "clientHost", - "jsonType.label" : "String" - } - }, { - "id" : "a35858ac-39ad-46bc-9227-e40698049c62", - "name" : "Client ID", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "clientId", - "userinfo.token.claim" : "true", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "clientId", - "jsonType.label" : "String" - } - } ], - "defaultClientScopes" : [ ], - "optionalClientScopes" : [ ] - }, { - "id" : "5c797848-2f03-4085-a03a-e4f7c22d0050", - "clientId" : "security-admin-console", - "name" : "${client_security-admin-console}", - "rootUrl" : "${authAdminUrl}", - "baseUrl" : "/admin/master/console/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "**********", - "redirectUris" : [ "/admin/master/console/*" ], - "webOrigins" : [ "+" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "pkce.code.challenge.method" : "S256" + { + "id": "9e2bc038-a63a-409a-9f9e-d2ad7b5da71e", + "alias": "first broker login", + "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "review profile config", + "authenticator": "idp-review-profile", 
+ "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "requirement": "REQUIRED", + "priority": 20, + "flowAlias": "User creation or linking", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { - "id" : "c5b453d6-73e5-40f2-bc65-375b571f7d6c", - "name" : "locale", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "locale", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "locale", - "jsonType.label" : "String" - } - } ], - "defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - } ], - "clientScopes" : [ { - "id" : "f5d4d8e2-6e57-477a-83b0-88047af5285d", - "name" : "Content.Publish", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true" - } - }, { - "id" : "4f7a31ce-a48b-4816-baff-4dbc378d4a10", - "name" : "Namespace.Admin", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true" - } - }, { - "id" : "5c280525-34b7-4436-a567-ad5a75f0b093", - "name" : "Namespace.Create", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true" - } - }, { - "id" : "e78e5fd1-5ee2-4215-a5c3-a8581a19c716", - "name" : "address", - "description" : "OpenID Connect built-in scope: address", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${addressScopeConsentText}" + { + "id": 
"b5d3583a-e8bc-4d03-ba9f-631861b86e95", + "alias": "forms", + "description": "Username, password, otp and other auth forms.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-username-password-form", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "requirement": "CONDITIONAL", + "priority": 20, + "flowAlias": "Browser - Conditional OTP", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] }, - "protocolMappers" : [ { - "id" : "b2a36609-2408-44fd-88ac-ef41fa62f5f4", - "name" : "address", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-address-mapper", - "consentRequired" : false, - "config" : { - "user.attribute.formatted" : "formatted", - "user.attribute.country" : "country", - "user.attribute.postal_code" : "postal_code", - "userinfo.token.claim" : "true", - "user.attribute.street" : "street", - "id.token.claim" : "true", - "user.attribute.region" : "region", - "access.token.claim" : "true", - "user.attribute.locality" : "locality" - } - } ] - }, { - "id" : "89e870cc-7056-4bc0-8cf2-9c961ff4a62d", - "name" : "email", - "description" : "OpenID Connect built-in scope: email", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${emailScopeConsentText}" + { + "id": "e818aa51-f428-4be6-8825-d4390490c750", + "alias": "http challenge", + "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "no-cookie-redirect", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "requirement": "REQUIRED", + "priority": 20, + "flowAlias": "Authentication Options", + "userSetupAllowed": 
false, + "autheticatorFlow": true + } + ] }, - "protocolMappers" : [ { - "id" : "7fb89890-a73f-4162-9ca3-e1539905ccb6", - "name" : "email verified", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "emailVerified", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email_verified", - "jsonType.label" : "boolean" - } - }, { - "id" : "9ec60f35-65c9-4ea2-ab0e-2fc2c462d892", - "name" : "email", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "email", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "920764e0-6019-462b-bc25-f17a54562752", - "name" : "microprofile-jwt", - "description" : "Microprofile - JWT built-in scope", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "false" + { + "id": "41c90cc6-5164-45e4-a471-315cabf2a3ba", + "alias": "registration", + "description": "registration flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-page-form", + "requirement": "REQUIRED", + "priority": 10, + "flowAlias": "registration form", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "75cd103c-e44f-4f7a-be0a-1b0700f9b24b", + "alias": "registration form", + "description": "registration form", + "providerId": "form-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-user-creation", + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": 
"registration-profile-action", + "requirement": "REQUIRED", + "priority": 40, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "registration-password-action", + "requirement": "REQUIRED", + "priority": 50, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "registration-recaptcha-action", + "requirement": "DISABLED", + "priority": 60, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] }, - "protocolMappers" : [ { - "id" : "cd9090fd-faf4-450a-9144-3a9e04260095", - "name" : "groups", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-realm-role-mapper", - "consentRequired" : false, - "config" : { - "multivalued" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "foo", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "groups", - "jsonType.label" : "String" + { + "id": "c0408c68-5298-4a67-b19c-207dc2ffb6c8", + "alias": "reset credentials", + "description": "Reset credentials for a user if they forgot their password or something", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "reset-credentials-choose-user", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "reset-credential-email", + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "reset-password", + "requirement": "REQUIRED", + "priority": 30, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "requirement": "CONDITIONAL", + "priority": 40, + "flowAlias": "Reset - Conditional OTP", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "e9f7b9f2-95c8-425c-a29c-9c6976a684fe", + "alias": "saml ecp", + "description": "SAML ECP Profile Authentication Flow", + "providerId": "basic-flow", + 
"topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "http-basic-authenticator", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + } + ], + "authenticatorConfig": [ + { + "id": "09b0cc82-d8c2-401f-8ba1-8dac7f356908", + "alias": "create unique user config", + "config": { + "require.password.update.after.registration": "false" } - }, { - "id" : "9ca3b431-06e3-43f0-9277-a6dec6ec1172", - "name" : "upn", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "upn", - "jsonType.label" : "String" + }, + { + "id": "5b5d858b-bbde-4545-9c59-4718a96a2333", + "alias": "review profile config", + "config": { + "update.profile.on.first.login": "missing" } - } ] - }, { - "id" : "bb473906-0c39-4af1-aad9-d8788dc7559f", - "name" : "offline_access", - "description" : "OpenID Connect built-in scope: offline_access", - "protocol" : "openid-connect", - "attributes" : { - "consent.screen.text" : "${offlineAccessScopeConsentText}", - "display.on.consent.screen" : "true" } - }, { - "id" : "e5e16f12-1b4c-47e7-9599-99ff395f359c", - "name" : "phone", - "description" : "OpenID Connect built-in scope: phone", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${phoneScopeConsentText}" + ], + "requiredActions": [ + { + "alias": "CONFIGURE_TOTP", + "name": "Configure OTP", + "providerId": "CONFIGURE_TOTP", + "enabled": true, + "defaultAction": false, + "priority": 10, + "config": {} }, - "protocolMappers" : [ { - "id" : "8d83aa08-43a9-49f5-b1dd-caa144e2cad5", - "name" : "phone number", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", 
- "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "phoneNumber", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "phone_number", - "jsonType.label" : "String" - } - }, { - "id" : "3886e58f-d64f-4851-80f3-ae7cc5c6ab13", - "name" : "phone number verified", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "phoneNumberVerified", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "phone_number_verified", - "jsonType.label" : "boolean" - } - } ] - }, { - "id" : "f33d0489-2a52-4066-9c38-e130c02665ee", - "name" : "profile", - "description" : "OpenID Connect built-in scope: profile", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${profileScopeConsentText}" + { + "alias": "terms_and_conditions", + "name": "Terms and Conditions", + "providerId": "terms_and_conditions", + "enabled": false, + "defaultAction": false, + "priority": 20, + "config": {} }, - "protocolMappers" : [ { - "id" : "1826e2b1-380a-4c65-a73e-3bb79f519550", - "name" : "website", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "website", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "website", - "jsonType.label" : "String" - } - }, { - "id" : "6ea0a08a-ab42-4b45-acfc-a05f5b452cb0", - "name" : "nickname", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "nickname", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : 
"nickname", - "jsonType.label" : "String" - } - }, { - "id" : "78d97855-5557-4f10-9d20-74d8ea6bdfef", - "name" : "full name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-full-name-mapper", - "consentRequired" : false, - "config" : { - "id.token.claim" : "true", - "access.token.claim" : "true", - "userinfo.token.claim" : "true" - } - }, { - "id" : "22e60a23-914f-40bf-960d-e7a96655581d", - "name" : "picture", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "picture", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "picture", - "jsonType.label" : "String" - } - }, { - "id" : "e595c828-c815-4dff-bd8f-39b1eee5a3b3", - "name" : "birthdate", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "birthdate", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "birthdate", - "jsonType.label" : "String" - } - }, { - "id" : "cd91c70b-0856-4f5d-aeb6-9b5c3b48a966", - "name" : "zoneinfo", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "zoneinfo", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "zoneinfo", - "jsonType.label" : "String" - } - }, { - "id" : "4ce90553-d828-4146-92e0-ee1775c9ba28", - "name" : "updated at", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "updatedAt", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "updated_at", - "jsonType.label" : "String" - } - }, { - "id" : 
"43710808-227e-4171-a106-7576f933a32b", - "name" : "family name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "lastName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "family_name", - "jsonType.label" : "String" - } - }, { - "id" : "a814d5c0-bdcd-4f33-8cfd-228005f2ba94", - "name" : "gender", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "gender", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "gender", - "jsonType.label" : "String" - } - }, { - "id" : "df9e1465-617d-4a7b-a208-7354c6cbaada", - "name" : "locale", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "locale", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "locale", - "jsonType.label" : "String" - } - }, { - "id" : "fc508e60-a978-41f1-bea2-311673b4b0a8", - "name" : "given name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "firstName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "given_name", - "jsonType.label" : "String" - } - }, { - "id" : "8e4641a3-87d3-4958-8113-dcfa82f0ef54", - "name" : "middle name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "middleName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "middle_name", - "jsonType.label" 
: "String" - } - }, { - "id" : "ffc38939-9e10-4cf3-b4fc-65203e079a92", - "name" : "username", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "preferred_username", - "jsonType.label" : "String" - } - }, { - "id" : "9364fe99-268a-4a74-88aa-a120a6897e78", - "name" : "profile", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "profile", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "profile", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "b5a38584-219b-4618-a3a5-70814bed867e", - "name" : "role_list", - "description" : "SAML role list", - "protocol" : "saml", - "attributes" : { - "consent.screen.text" : "${samlRoleListScopeConsentText}", - "display.on.consent.screen" : "true" + { + "alias": "UPDATE_PASSWORD", + "name": "Update Password", + "providerId": "UPDATE_PASSWORD", + "enabled": true, + "defaultAction": false, + "priority": 30, + "config": {} }, - "protocolMappers" : [ { - "id" : "1a0a5251-1b3f-47b1-8cc1-07a285d6479f", - "name" : "role list", - "protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", - "consentRequired" : false, - "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" - } - } ] - }, { - "id" : "33bd4c0f-225f-43cb-8b6c-0bd4db702525", - "name" : "roles", - "description" : "OpenID Connect scope for add user roles to the access token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${rolesScopeConsentText}" + { + "alias": "UPDATE_PROFILE", + "name": "Update Profile", + "providerId": 
"UPDATE_PROFILE", + "enabled": true, + "defaultAction": false, + "priority": 40, + "config": {} }, - "protocolMappers" : [ { - "id" : "e276a79b-99cc-4f10-8d26-0e10ce245fdb", - "name" : "client roles", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-client-role-mapper", - "consentRequired" : false, - "config" : { - "user.attribute" : "foo", - "access.token.claim" : "true", - "claim.name" : "resource_access.${client_id}.roles", - "jsonType.label" : "String", - "multivalued" : "true" - } - }, { - "id" : "b64cc3a2-8ed8-4dee-a13a-fef5588a5949", - "name" : "realm roles", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-realm-role-mapper", - "consentRequired" : false, - "config" : { - "user.attribute" : "foo", - "access.token.claim" : "true", - "claim.name" : "realm_access.roles", - "jsonType.label" : "String", - "multivalued" : "true" - } - }, { - "id" : "c9828318-6d78-4aba-94ea-405f12fce589", - "name" : "audience resolve", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-audience-resolve-mapper", - "consentRequired" : false, - "config" : { } - } ] - }, { - "id" : "0bfddcf3-017d-44b6-8447-297c565d5d2d", - "name" : "web-origins", - "description" : "OpenID Connect scope for add allowed web origins to the access token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "false", - "consent.screen.text" : "" + { + "alias": "VERIFY_EMAIL", + "name": "Verify Email", + "providerId": "VERIFY_EMAIL", + "enabled": true, + "defaultAction": false, + "priority": 50, + "config": {} }, - "protocolMappers" : [ { - "id" : "28867dcd-803d-47a5-be90-51be8a331527", - "name" : "allowed web origins", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-allowed-origins-mapper", - "consentRequired" : false, - "config" : { } - } ] - }, { - "id" : "e28fac82-4db1-4900-8096-74706a71f7f3", - "name" : "System.Write", - "protocol" : "openid-connect", - "attributes" : { - 
"include.in.token.scope" : "true", - "display.on.consent.screen" : "true" + { + "alias": "update_user_locale", + "name": "Update User Locale", + "providerId": "update_user_locale", + "enabled": true, + "defaultAction": false, + "priority": 1000, + "config": {} } - } ], - "defaultDefaultClientScopes" : [ "web-origins", "roles", "Namespace.Admin", "Namespace.Create", "email", "role_list", "profile" ], - "defaultOptionalClientScopes" : [ "microprofile-jwt", "offline_access", "phone", "address" ], - "browserSecurityHeaders" : { - "contentSecurityPolicyReportOnly" : "", - "xContentTypeOptions" : "nosniff", - "xRobotsTag" : "none", - "xFrameOptions" : "SAMEORIGIN", - "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection" : "1; mode=block", - "strictTransportSecurity" : "max-age=31536000; includeSubDomains" - }, - "smtpServer" : { }, - "eventsEnabled" : false, - "eventsListeners" : [ "jboss-logging" ], - "enabledEventTypes" : [ ], - "adminEventsEnabled" : false, - "adminEventsDetailsEnabled" : false, - "components" : { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { - "id" : "d7699c96-1cc0-46fe-b0fe-c72c7f7d1804", - "name" : "Consent Required", - "providerId" : "consent-required", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { } - }, { - "id" : "522f0c4c-8dfe-4421-b573-0e5723319dac", - "name" : "Allowed Client Scopes", - "providerId" : "allowed-client-templates", - "subType" : "authenticated", - "subComponents" : { }, - "config" : { - "allow-default-scopes" : [ "true" ] - } - }, { - "id" : "2502109c-1319-4bcd-bf94-a5225239c42b", - "name" : "Allowed Protocol Mapper Types", - "providerId" : "allowed-protocol-mappers", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "allowed-protocol-mapper-types" : [ "oidc-address-mapper", "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-attribute-mapper", "oidc-full-name-mapper", 
"saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-usermodel-property-mapper" ] - } - }, { - "id" : "013bd2ad-80e7-40fe-ba41-b90642d536cd", - "name" : "Trusted Hosts", - "providerId" : "trusted-hosts", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "host-sending-registration-request-must-match" : [ "true" ], - "client-uris-must-match" : [ "true" ] - } - }, { - "id" : "c0bcf5a2-ef5f-4f03-95c7-ea15f27c8cd7", - "name" : "Allowed Client Scopes", - "providerId" : "allowed-client-templates", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "allow-default-scopes" : [ "true" ] - } - }, { - "id" : "1157f7fe-a055-4ec3-8af8-3f809fd2fec0", - "name" : "Full Scope Disabled", - "providerId" : "scope", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { } - }, { - "id" : "650e6c8f-8a93-4096-9d37-1aecfe000e49", - "name" : "Max Clients Limit", - "providerId" : "max-clients", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "max-clients" : [ "200" ] - } - }, { - "id" : "93e21f15-c390-475a-865a-3f8125b1ccc9", - "name" : "Allowed Protocol Mapper Types", - "providerId" : "allowed-protocol-mappers", - "subType" : "authenticated", - "subComponents" : { }, - "config" : { - "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-address-mapper", "saml-user-property-mapper", "oidc-full-name-mapper", "oidc-audience-mapper" ] - } - } ], - "org.keycloak.keys.KeyProvider" : [ { - "id" : "2b0c7bcb-c441-4694-8639-7175a1956655", - "name" : "hmac-generated", - "providerId" : "hmac-generated", - "subComponents" : { }, - "config" : { - "kid" : [ "1b23b32b-bb69-4a9a-b20d-770d009ffb67" ], - "active" : [ "true" ], - "secretSize" : [ "64" ], - "secret" : [ "FqB7weAN-07obv1h7cltkFANraOPiK3BN-x1fBR7BY3yF_tOVVy0faPtS24pbPB5VJMXrvZBVy4MvQbhPGOn-A" ], - "priority" : [ "100" ], - 
"enabled" : [ "true" ], - "algorithm" : [ "HS256" ] - } - }, { - "id" : "82953e3c-d927-4f6f-8b57-3b5c7b8903d6", - "name" : "rsa-generated", - "providerId" : "rsa-generated", - "subComponents" : { }, - "config" : { - "privateKey" : [ "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" ], - "keySize" : [ "2048" ], - "certificate" : [ "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" ], - "active" : [ "true" ], - "priority" : [ "100" ], - "enabled" : [ "true" ], - "algorithm" : [ "RS256" ] - } - }, { - "id" : "4ac9540a-c5b7-48b0-b3e1-1a7887ed5414", - "name" : "aes-generated", - "providerId" : "aes-generated", - "subComponents" : { }, - "config" : { - "kid" : [ "8fc9ebb4-d633-4fbc-a940-43414dbb6841" ], - "active" : [ "true" ], - "secretSize" : [ "16" ], - "secret" : [ "mwpmhvHuQq_qLZAKhngrjg" ], - "priority" : [ "100" ], - "enabled" : [ "true" ] - } - } ] + ], + "browserFlow": "browser", + "registrationFlow": "registration", + "directGrantFlow": "direct grant", + "resetCredentialsFlow": "reset credentials", + "clientAuthenticationFlow": "clients", + "dockerAuthenticationFlow": "docker auth", + "attributes": { + "cibaBackchannelTokenDeliveryMode": "poll", + "cibaExpiresIn": "120", + "cibaAuthRequestedUserHint": "login_hint", + "oauth2DeviceCodeLifespan": "600", + "clientOfflineSessionMaxLifespan": "0", + "oauth2DevicePollingInterval": "5", + "clientSessionIdleTimeout": "0", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0", + "clientOfflineSessionIdleTimeout": "0", + "cibaInterval": "5" }, - "internationalizationEnabled" : false, - "supportedLocales" : [ ], - "authenticationFlows" : [ { - "id" : "eaea4ea5-9672-4d18-be59-684a670dbdfd", - "alias" : "Account verification options", - "description" : "Method with which to verity the existing account", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-email-verification", - "requirement" : "ALTERNATIVE", - "priority" 
: 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "requirement" : "ALTERNATIVE", - "priority" : 20, - "flowAlias" : "Verify Existing Account by Re-authentication", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "f3b7e531-0657-457e-bcb6-bb20db1e6a0c", - "alias" : "Authentication Options", - "description" : "Authentication options.", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "basic-auth", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "basic-auth-otp", - "requirement" : "DISABLED", - "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "auth-spnego", - "requirement" : "DISABLED", - "priority" : 30, - "userSetupAllowed" : false, - "autheticatorFlow" : false - } ] - }, { - "id" : "fc933835-b5db-4779-b6ee-72fadd8cbc32", - "alias" : "Browser - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "auth-otp-form", - "requirement" : "REQUIRED", - "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - } ] - }, { - "id" : "c39815bc-7d19-48f6-b73b-d381979d61ea", - "alias" : "Direct Grant - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - 
"autheticatorFlow" : false - }, { - "authenticator" : "direct-grant-validate-otp", - "requirement" : "REQUIRED", - "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - } ] - }, { - "id" : "336eaf43-de45-482e-a794-37e8fdf77cbf", - "alias" : "First broker login - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "auth-otp-form", - "requirement" : "REQUIRED", - "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - } ] - }, { - "id" : "a2197ac7-3f2b-4b86-8d43-b629569d6222", - "alias" : "Handle Existing Account", - "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-confirm-link", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "requirement" : "REQUIRED", - "priority" : 20, - "flowAlias" : "Account verification options", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "5cc863ed-3367-41a8-bffa-0c410e4fb00d", - "alias" : "Reset - Conditional OTP", - "description" : "Flow to determine if the OTP should be reset or not. 
Set to REQUIRED to force.", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "reset-otp", - "requirement" : "REQUIRED", - "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - } ] - }, { - "id" : "d89c94eb-1441-4875-9082-72d5867ba139", - "alias" : "User creation or linking", - "description" : "Flow for the existing/non-existing user alternatives", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticatorConfig" : "create unique user config", - "authenticator" : "idp-create-user-if-unique", - "requirement" : "ALTERNATIVE", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "requirement" : "ALTERNATIVE", - "priority" : 20, - "flowAlias" : "Handle Existing Account", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "6eb37e8d-5b94-483b-ac62-d45c224f9c33", - "alias" : "Verify Existing Account by Re-authentication", - "description" : "Reauthentication of existing account", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-username-password-form", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "requirement" : "CONDITIONAL", - "priority" : 20, - "flowAlias" : "First broker login - Conditional OTP", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "4f39db74-1eb1-446b-aff8-247e39899452", - "alias" : "browser", - "description" : "browser based authentication", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "auth-cookie", - 
"requirement" : "ALTERNATIVE", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "auth-spnego", - "requirement" : "DISABLED", - "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "identity-provider-redirector", - "requirement" : "ALTERNATIVE", - "priority" : 25, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "requirement" : "ALTERNATIVE", - "priority" : 30, - "flowAlias" : "forms", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "1a1fa355-84a8-4b5c-ba2e-929b719f6707", - "alias" : "clients", - "description" : "Base authentication for clients", - "providerId" : "client-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "client-secret", - "requirement" : "ALTERNATIVE", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "client-jwt", - "requirement" : "ALTERNATIVE", - "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "client-secret-jwt", - "requirement" : "ALTERNATIVE", - "priority" : 30, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "client-x509", - "requirement" : "ALTERNATIVE", - "priority" : 40, - "userSetupAllowed" : false, - "autheticatorFlow" : false - } ] - }, { - "id" : "a40cb7dc-36d1-4c05-8c3b-3a69f971c4ed", - "alias" : "direct grant", - "description" : "OpenID Connect Resource Owner Grant", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "direct-grant-validate-username", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "direct-grant-validate-password", - "requirement" : "REQUIRED", - "priority" : 20, - "userSetupAllowed" : false, - 
"autheticatorFlow" : false - }, { - "requirement" : "CONDITIONAL", - "priority" : 30, - "flowAlias" : "Direct Grant - Conditional OTP", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "d9895dae-28c7-49a4-8e5d-35189dcb388f", - "alias" : "docker auth", - "description" : "Used by Docker clients to authenticate against the IDP", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "docker-http-basic-authenticator", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - } ] - }, { - "id" : "9e2bc038-a63a-409a-9f9e-d2ad7b5da71e", - "alias" : "first broker login", - "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticatorConfig" : "review profile config", - "authenticator" : "idp-review-profile", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "requirement" : "REQUIRED", - "priority" : 20, - "flowAlias" : "User creation or linking", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "b5d3583a-e8bc-4d03-ba9f-631861b86e95", - "alias" : "forms", - "description" : "Username, password, otp and other auth forms.", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "auth-username-password-form", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "requirement" : "CONDITIONAL", - "priority" : 20, - "flowAlias" : "Browser - Conditional OTP", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "e818aa51-f428-4be6-8825-d4390490c750", - "alias" : "http 
challenge", - "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "no-cookie-redirect", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "requirement" : "REQUIRED", - "priority" : 20, - "flowAlias" : "Authentication Options", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "41c90cc6-5164-45e4-a471-315cabf2a3ba", - "alias" : "registration", - "description" : "registration flow", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "registration-page-form", - "requirement" : "REQUIRED", - "priority" : 10, - "flowAlias" : "registration form", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "75cd103c-e44f-4f7a-be0a-1b0700f9b24b", - "alias" : "registration form", - "description" : "registration form", - "providerId" : "form-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "registration-user-creation", - "requirement" : "REQUIRED", - "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "registration-profile-action", - "requirement" : "REQUIRED", - "priority" : 40, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "registration-password-action", - "requirement" : "REQUIRED", - "priority" : 50, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "registration-recaptcha-action", - "requirement" : "DISABLED", - "priority" : 60, - "userSetupAllowed" : false, - "autheticatorFlow" : false - } ] - }, { - "id" : "c0408c68-5298-4a67-b19c-207dc2ffb6c8", - "alias" : "reset credentials", - "description" : "Reset credentials for a user if 
they forgot their password or something", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "reset-credentials-choose-user", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "reset-credential-email", - "requirement" : "REQUIRED", - "priority" : 20, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "authenticator" : "reset-password", - "requirement" : "REQUIRED", - "priority" : 30, - "userSetupAllowed" : false, - "autheticatorFlow" : false - }, { - "requirement" : "CONDITIONAL", - "priority" : 40, - "flowAlias" : "Reset - Conditional OTP", - "userSetupAllowed" : false, - "autheticatorFlow" : true - } ] - }, { - "id" : "e9f7b9f2-95c8-425c-a29c-9c6976a684fe", - "alias" : "saml ecp", - "description" : "SAML ECP Profile Authentication Flow", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "http-basic-authenticator", - "requirement" : "REQUIRED", - "priority" : 10, - "userSetupAllowed" : false, - "autheticatorFlow" : false - } ] - } ], - "authenticatorConfig" : [ { - "id" : "09b0cc82-d8c2-401f-8ba1-8dac7f356908", - "alias" : "create unique user config", - "config" : { - "require.password.update.after.registration" : "false" - } - }, { - "id" : "5b5d858b-bbde-4545-9c59-4718a96a2333", - "alias" : "review profile config", - "config" : { - "update.profile.on.first.login" : "missing" - } - } ], - "requiredActions" : [ { - "alias" : "CONFIGURE_TOTP", - "name" : "Configure OTP", - "providerId" : "CONFIGURE_TOTP", - "enabled" : true, - "defaultAction" : false, - "priority" : 10, - "config" : { } - }, { - "alias" : "terms_and_conditions", - "name" : "Terms and Conditions", - "providerId" : "terms_and_conditions", - "enabled" : false, - "defaultAction" : false, - "priority" : 20, - "config" : { } - }, { - "alias" : 
"UPDATE_PASSWORD", - "name" : "Update Password", - "providerId" : "UPDATE_PASSWORD", - "enabled" : true, - "defaultAction" : false, - "priority" : 30, - "config" : { } - }, { - "alias" : "UPDATE_PROFILE", - "name" : "Update Profile", - "providerId" : "UPDATE_PROFILE", - "enabled" : true, - "defaultAction" : false, - "priority" : 40, - "config" : { } - }, { - "alias" : "VERIFY_EMAIL", - "name" : "Verify Email", - "providerId" : "VERIFY_EMAIL", - "enabled" : true, - "defaultAction" : false, - "priority" : 50, - "config" : { } - }, { - "alias" : "update_user_locale", - "name" : "Update User Locale", - "providerId" : "update_user_locale", - "enabled" : true, - "defaultAction" : false, - "priority" : 1000, - "config" : { } - } ], - "browserFlow" : "browser", - "registrationFlow" : "registration", - "directGrantFlow" : "direct grant", - "resetCredentialsFlow" : "reset credentials", - "clientAuthenticationFlow" : "clients", - "dockerAuthenticationFlow" : "docker auth", - "attributes" : { - "clientOfflineSessionMaxLifespan" : "0", - "clientSessionIdleTimeout" : "0", - "clientSessionMaxLifespan" : "0", - "clientOfflineSessionIdleTimeout" : "0" + "keycloakVersion": "15.1.1", + "userManagedAccessAllowed": true, + "clientProfiles": { + "profiles": [] }, - "keycloakVersion" : "11.0.3", - "userManagedAccessAllowed" : true + "clientPolicies": { + "policies": [] + } } diff --git a/local/kong/Dockerfile b/local/kong/Dockerfile index be4d70913..397e07dff 100644 --- a/local/kong/Dockerfile +++ b/local/kong/Dockerfile 
@@ -20,7 +20,7 @@ RUN (cd kong-oidc && luarocks make && luarocks pack kong-oidc ${PLUGIN_OIDC_VERS RUN git clone https://github.com/ikethecoder/kong-oidc-consumer.git RUN (cd kong-oidc-consumer && luarocks make && luarocks pack kong-oidc-consumer ${PLUGIN_OIDC_CONSUMER_VERSION}) -RUN git clone https://github.com/ikethecoder/kong-plugin-jwt-keycloak.git +RUN git clone -b kong28 https://github.com/ikethecoder/kong-plugin-jwt-keycloak.git RUN (cd kong-plugin-jwt-keycloak && luarocks make && luarocks pack kong-plugin-jwt-keycloak ${PLUGIN_VERSION}) RUN git clone -b feature/kong-2.0-upgrade https://github.com/bcgov/gwa-kong-endpoint.git diff --git a/local/oauth2-proxy/oauth2-proxy-local.cfg b/local/oauth2-proxy/oauth2-proxy-local.cfg index 2c7281267..427904629 100644 --- a/local/oauth2-proxy/oauth2-proxy-local.cfg +++ b/local/oauth2-proxy/oauth2-proxy-local.cfg 
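Review bot: The added `git clone -b kong28` line pins only a branch name, which the fork owner can move at any time, so the image can package different plugin code from one build to the next without any change in this repository. Judging by its name, this plugin sits on the JWT validation path in Kong, so I would check out a reviewed commit right after the clone, for example `RUN git clone -b kong28 https://github.com/ikethecoder/kong-plugin-jwt-keycloak.git && git -C kong-plugin-jwt-keycloak checkout <REVIEWED_COMMIT_SHA>` (placeholder; the page gives no commit id). The neighbouring clones of kong-oidc-consumer and gwa-kong-endpoint in the context lines are unpinned in the same way.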
@@ -6,12 +6,12 @@ insecure_oidc_allow_unverified_email="true"
 client_id="aps-portal"
 client_secret="8e1a17ed-cb93-4806-ac32-e303d1c86018"
 scope="openid"
-oidc_issuer_url="http://keycloak.localtest.me:9080/auth/realms/master"
-login_url="http://keycloak.localtest.me:9080/auth/realms/master/protocol/openid-connect/auth"
-redeem_url="http://keycloak.localtest.me:9080/auth/realms/master/protocol/openid-connect/token"
-validate_url="http://keycloak.localtest.me:9080/auth/realms/master/protocol/openid-connect/userinfo"
+oidc_issuer_url="http://keycloak.localtest.me:9081/auth/realms/master"
+login_url="http://keycloak.localtest.me:9081/auth/realms/master/protocol/openid-connect/auth"
+redeem_url="http://keycloak.localtest.me:9081/auth/realms/master/protocol/openid-connect/token"
+validate_url="http://keycloak.localtest.me:9081/auth/realms/master/protocol/openid-connect/userinfo"
 redirect_url="http://oauth2proxy.localtest.me:4180/oauth2/callback"
-profile_url="http://keycloak.localtest.me:9080/auth/realms/master/protocol/openid-connect/userinfo"
+profile_url="http://keycloak.localtest.me:9081/auth/realms/master/protocol/openid-connect/userinfo"
 cookie_secure="false"
 cookie_refresh="3m"
 cookie_expire="24h"
@@ -22,7 +22,7 @@ skip_jwt_bearer_tokens="false"
 set_authorization_header="false"
 pass_authorization_header="false"
 skip_auth_regex="/login|/health|/public|/docs|/redirect|/_next|/images|/devportal|/manager|/about|/maintenance|/admin/session|/ds/api|/gw/api|/feed/|/signout|^[/]$"
-whitelist_domains="keycloak.localtest.me:9080"
+whitelist_domains="keycloak.localtest.me:9081"
 upstreams=["http://apsportal.localtest.me:3000"]
 skip_provider_button='true'
 redis_connection_url="redis://redis-master:6379"
diff --git a/src/batch/data-rules.js b/src/batch/data-rules.js
index 241e38969..38f8bb7ef 100644
--- a/src/batch/data-rules.js
+++ b/src/batch/data-rules.js
@@ -429,6 +429,7 @@ const metadata = { type: 'enum', values: [ 'public', + 'protected-externally', 'authorization-code', 'client-credentials', 'kong-acl-only', diff --git a/src/controllers/v2/openapi.yaml b/src/controllers/v2/openapi.yaml index 306e8d3ac..06cbe5a6a 100644 --- a/src/controllers/v2/openapi.yaml +++ b/src/controllers/v2/openapi.yaml @@ -578,6 +578,7 @@ components: type: string enum: - public + - protected-externally - authorization-code - client-credentials - kong-acl-only diff --git a/src/controllers/v2/routes.ts b/src/controllers/v2/routes.ts index 9f05c5aee..46048762e 100644 --- a/src/controllers/v2/routes.ts +++ b/src/controllers/v2/routes.ts @@ -379,7 +379,7 @@ const models: TsoaRoute.Models = { "name": {"dataType":"union","subSchemas":[{"dataType":"enum","enums":["dev"]},{"dataType":"enum","enums":["test"]},{"dataType":"enum","enums":["prod"]},{"dataType":"enum","enums":["sandbox"]},{"dataType":"enum","enums":["other"]}]}, "active": {"dataType":"boolean"}, "approval": {"dataType":"boolean"}, - "flow": {"dataType":"union","subSchemas":[{"dataType":"enum","enums":["public"]},{"dataType":"enum","enums":["authorization-code"]},{"dataType":"enum","enums":["client-credentials"]},{"dataType":"enum","enums":["kong-acl-only"]},{"dataType":"enum","enums":["kong-api-key-only"]},{"dataType":"enum","enums":["kong-api-key-acl"]}]}, + "flow": {"dataType":"union","subSchemas":[{"dataType":"enum","enums":["public"]},{"dataType":"enum","enums":["protected-externally"]},{"dataType":"enum","enums":["authorization-code"]},{"dataType":"enum","enums":["client-credentials"]},{"dataType":"enum","enums":["kong-acl-only"]},{"dataType":"enum","enums":["kong-api-key-only"]},{"dataType":"enum","enums":["kong-api-key-acl"]}]}, "additionalDetailsToRequest": {"dataType":"string"}, "services": {"dataType":"array","array":{"dataType":"refAlias","ref":"GatewayServiceRefID"}}, "legal": {"ref":"LegalRefID"}, 
diff --git a/src/controllers/v2/types.ts b/src/controllers/v2/types.ts index 366bbdbfb..e8a3b9bdc 100644 --- a/src/controllers/v2/types.ts +++ b/src/controllers/v2/types.ts @@ -299,7 +299,7 @@ export interface Environment { name?: "dev" | "test" | "prod" | "sandbox" | "other"; active?: boolean; approval?: boolean; - flow?: "public" | "authorization-code" | "client-credentials" | "kong-acl-only" | "kong-api-key-only" | "kong-api-key-acl"; + flow?: "public" | "protected-externally" | "authorization-code" | "client-credentials" | "kong-acl-only" | "kong-api-key-only" | "kong-api-key-acl"; additionalDetailsToRequest?: string; services?: GatewayServiceRefID[]; legal?: LegalRefID; diff --git a/src/lists/Environment.js b/src/lists/Environment.js index 7e16dea28..7f2f4052a 100644 --- a/src/lists/Environment.js +++ b/src/lists/Environment.js @@ -51,6 +51,7 @@ module.exports = { defaultValue: 'public', options: [ { value: 'public', label: 'Public' }, + { value: 'protected-externally', label: 'Protected Externally' }, { value: 'authorization-code', label: 'Oauth2 Authorization Code Flow', diff --git a/src/mocks/index.js b/src/mocks/index.js index c96fcc1a6..72afafb9a 100644 --- a/src/mocks/index.js +++ b/src/mocks/index.js @@ -1,5 +1,8 @@ /*eslint-disable */ -if (process.env.NODE_ENV === 'development' || process.env.NODE_ENV === 'test') { +if ( + process.env.NEXT_PUBLIC_MOCKS === 'on' && + (process.env.NODE_ENV === 'development' || process.env.NODE_ENV === 'test') +) { if (typeof window === 'undefined') { const { server } = require('./server'); server.listen(); diff --git a/src/nextapp/.env.local b/src/nextapp/.env.local index 382b135d9..6b0c3e9e9 100644 --- a/src/nextapp/.env.local +++ b/src/nextapp/.env.local 
@@ -5,7 +5,7 @@ NEXT_PUBLIC_HELP_DESK_URL=https://dpdd.atlassian.net/servicedesk/customer/portal NEXT_PUBLIC_HELP_CHAT_URL=https://chat.developer.gov.bc.ca/channel/aps-ops NEXT_PUBLIC_HELP_ISSUE_URL=https://github.com/bcgov/api-services-portal/issues NEXT_PUBLIC_HELP_API_DOCS_URL=/ds/api/v2/console/ -NEXT_PUBLIC_HELP_SUPPORT_URL=https://bcgov.github.io/aps-infra-platform/ -NEXT_PUBLIC_HELP_RELEASE_URL=https://bcgov.github.io/aps-infra-platform/releases/ +NEXT_PUBLIC_HELP_SUPPORT_URL=https://mvp.developer.gov.bc.ca/docs/default/component/aps-infra-platform-docs/ +NEXT_PUBLIC_HELP_RELEASE_URL=https://mvp.developer.gov.bc.ca/docs/default/component/aps-infra-platform-docs/reference/releases/ NEXT_PUBLIC_HELP_STATUS_URL=https://uptime.com/s/bcgov-dss diff --git a/src/nextapp/components/access-request-form/access-request-form.tsx b/src/nextapp/components/access-request-form/access-request-form.tsx index ff6083e46..85ab40dc4 100644 --- a/src/nextapp/components/access-request-form/access-request-form.tsx +++ b/src/nextapp/components/access-request-form/access-request-form.tsx @@ -100,7 +100,9 @@ const AccessRequestForm: React.FC = ({ {dataset?.environments .filter((e) => e.active || preview) - .filter((e) => e.flow !== 'public') + .filter( + (e) => e.flow !== 'public' && e.flow !== 'protected-externally' + ) .map((e) => ( = ({ id, preview, }) => { - const isProtected = data.environments.some((e) => e.flow !== 'public'); + const isPublic = data.environments.some((e) => e.flow === 'public'); + const isGatewayProtected = data.environments.some( + (e) => e.flow !== 'public' && e.flow !== 'protected-externally' + ); const isTiered = data.environments.some((e) => e.anonymous); return ( @@ -49,9 +53,10 @@ const ApiProductItem: React.FC = ({ {data.name} 
@@ -63,7 +68,7 @@ const ApiProductItem: React.FC = ({ )} - {!isTiered && isProtected && ( + {!isTiered && isGatewayProtected && ( = ({ Limits - {data.description && ( - - Public access has a rate limit enforced. - - )} - For elevated access, please{' '} - + Public access has a rate limit enforced. + + + For elevated access, please request access. + )} diff --git a/src/nextapp/components/auth-action/help-menu.tsx b/src/nextapp/components/auth-action/help-menu.tsx index a8ef17936..72434d4f5 100644 --- a/src/nextapp/components/auth-action/help-menu.tsx +++ b/src/nextapp/components/auth-action/help-menu.tsx @@ -56,27 +56,27 @@ const HelpMenu: React.FC = () => { }, }} > - + - API Docs + Support Docs - APS Support + API Console { - + - Support Links + Contact Us - + = ({ if (flow === 'client-credentials' || flow === 'authorization-code') { return !credentialIssuer; } - return flow === 'public'; + return flow === 'public' || flow === 'protected-externally'; }, [flow, credentialIssuer]); const { data, isSuccess } = useCurrentNamespace(); @@ -182,4 +182,5 @@ const flowTypes: { value: string; label: string }[] = [ { value: 'kong-acl-only', label: 'Kong ACL Only' }, { value: 'kong-api-key-only', label: 'Kong API Key Only' }, { value: 'kong-api-key-acl', label: 'Kong API Key with ACL Flow' }, + { value: 'protected-externally', label: 'Protected Externally' }, ]; diff --git a/src/nextapp/components/environments-list/edit-environment.tsx b/src/nextapp/components/environments-list/edit-environment.tsx index 5f57ea927..485272580 100644 --- a/src/nextapp/components/environments-list/edit-environment.tsx +++ b/src/nextapp/components/environments-list/edit-environment.tsx 
@@ -36,6 +36,7 @@ const EditEnvironment: React.FC = ({ data }) => { { value: 'kong-acl-only', label: 'Kong ACL Only' }, { value: 'kong-api-key-only', label: 'Kong API Key Only' }, { value: 'kong-api-key-acl', label: 'Kong API Key with ACL Flow' }, + { value: 'protected-externally', label: 'Protected Externally' }, ]; return ( diff --git a/src/nextapp/components/support-links/support-links.tsx b/src/nextapp/components/support-links/support-links.tsx index 1744d507f..f9668d7a7 100644 --- a/src/nextapp/components/support-links/support-links.tsx +++ b/src/nextapp/components/support-links/support-links.tsx @@ -28,7 +28,7 @@ const SupportLinks: React.FC = ({ isOpen, onClose }) => { - Support Links + Contact Us = ({ isOpen, onClose }) => { target="_blank" rel="noopener noreferrer" > - Submit product and service requests using the Data Systems and - Services request system + Submit a support ticket @@ -64,16 +63,6 @@ const SupportLinks: React.FC = ({ isOpen, onClose }) => { - - - Create an issue in GitHub - - - diff --git a/src/nextapp/pages/devportal/index.tsx b/src/nextapp/pages/devportal/index.tsx index a3705b763..0e2635553 100644 --- a/src/nextapp/pages/devportal/index.tsx +++ b/src/nextapp/pages/devportal/index.tsx @@ -68,17 +68,19 @@ const HomePage: React.FC = () => { ) .map((action) => ( - - - - - {action.title} - - - -

- {action.description} -

+ + + + + + {action.title} + + + +

+ {action.description} +

+
))} diff --git a/src/nextapp/pages/manager/index.tsx b/src/nextapp/pages/manager/index.tsx index 6fcea7753..8b7a95517 100644 --- a/src/nextapp/pages/manager/index.tsx +++ b/src/nextapp/pages/manager/index.tsx @@ -67,17 +67,19 @@ const HomePage: React.FC = () => { ) .map((action) => ( - - - - - {action.title} - - - -

- {action.description} -

+ + + + + + {action.title} + + + +

+ {action.description} +

+
))} diff --git a/src/nextapp/shared/services/utils.ts b/src/nextapp/shared/services/utils.ts index 3af440537..98dd2741f 100644 --- a/src/nextapp/shared/services/utils.ts +++ b/src/nextapp/shared/services/utils.ts @@ -28,6 +28,8 @@ export const getAuthToken = (method: string): IconType => { return FaLock; case 'client-credentials': return FaLock; + case 'protected-externally': + return FaLock; // case 'private': // return FaUserSecret; case 'public': @@ -39,6 +41,7 @@ export const getAuthToken = (method: string): IconType => { export const getFlowText = (key: string): string => { const dict = { public: 'Public', + 'protected-externally': 'Protected Externally', 'authorization-code': 'OAuth2 Authorization Code Flow', 'client-credentials': 'OAuth2 Client Credentials Flow', 'kong-acl-only': 'Kong ACL Only', diff --git a/src/package.json b/src/package.json index d8f6d2ba5..b2d695cde 100644 --- a/src/package.json +++ b/src/package.json @@ -34,7 +34,7 @@ "x-prestart": "npm run build", "x-dev": "nodemon", "batch": "cross-env NODE_ENV=development node dist/server-batch.js", - "dev": "cross-env NODE_ENV=development NODE_OPTIONS='--openssl-legacy-provider --no-experimental-fetch' npm-run-all delete-assets copy-assets tsoa-gen-types tsoa-build-v1 tsoa-build-v2 ts-build ks-dev", + "dev": "cross-env NODE_ENV=development NODE_OPTIONS='--openssl-legacy-provider --no-experimental-fetch --dns-result-order=ipv4first' npm-run-all delete-assets copy-assets tsoa-gen-types tsoa-build-v1 tsoa-build-v2 ts-build ks-dev", "ks-dev": "cross-env NODE_ENV=development DISABLE_LOGGING=true keystone dev --entry=dist/server.js", "dev2": "cross-env NODE_ENV=development DISABLE_LOGGING=true keystone --entry=dist/index.js", "mock-server": "nodemon ./test/mock-server/server.js", diff --git a/src/server.ts b/src/server.ts index 749847e3e..e2b5222ac 100644 --- a/src/server.ts +++ b/src/server.ts 
@@ -91,14 +91,15 @@ const state = { connected: false }; const keystone = new Keystone({ onConnect(keystone: any) { - if (process.env.NODE_ENV === 'development') { - generateTypes(); - } if (process.env.CREATE_TABLES !== 'true') { initialiseData(keystone); } console.log('CONNECTED!'); state.connected = true; + + if (process.env.NODE_ENV === 'development') { + setTimeout(() => generateTypes, 2000); + } }, adapter: adapter == 'knex' diff --git a/src/services/workflow/validate-active-environment.ts b/src/services/workflow/validate-active-environment.ts index 77c28f30a..1476feeee 100644 --- a/src/services/workflow/validate-active-environment.ts +++ b/src/services/workflow/validate-active-environment.ts @@ -218,7 +218,7 @@ export const ValidateActiveEnvironment = async ( '] missing or incomplete oidc plugin.' ); } - } else if (flow == 'public') { + } else if (flow == 'public' || flow == 'protected-externally') { } else { addValidationError( 'Unexpected error when trying to validate the environment.'
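Review bot: `setTimeout(() => generateTypes, 2000)` in `onConnect` never runs the generator, because the arrow function only returns the `generateTypes` reference, so after this change type generation is silently skipped in development. Pass the function itself or call it: `setTimeout(generateTypes, 2000);` or `setTimeout(() => generateTypes(), 2000);`. A one-line comment saying why the call is delayed by two seconds would also help, since the reason is not visible in the hunk. The `Keystone` constructor call continues past the end of the hunk.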
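Review bot: The `flow == 'public' || flow == 'protected-externally'` branch in `ValidateActiveEnvironment` is an empty block, so an environment with the new flow passes validation without any check of its services, exactly like a public one, and nothing in the code says this is intended. The same commit gives this flow a lock icon (`getAuthToken` in `src/nextapp/shared/services/utils.ts`), so the portal presents it as protected while apparently relying entirely on the upstream service. I would at least record the assumption inside the branch, e.g. `// no gateway plugin check: 'protected-externally' means access control is enforced by the upstream service, not by the gateway`. The enclosing function starts before the hunk and the final `else` continues after it.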