diff --git a/nd/auth/Dockerfile.auth b/nd/auth/Dockerfile.auth
new file mode 100644
index 0000000..f06e484
--- /dev/null
+++ b/nd/auth/Dockerfile.auth
@@ -0,0 +1,16 @@
+# for keycloak v16, you can use this command to get the entire realm with users and passwords
+# by setting the passwords as you want them to be in the running docker container
+# then running this command
+# docker exec -it kc /opt/jboss/keycloak/bin/standalone.sh \
+# -Djboss.socket.binding.port-offset=100 -Dkeycloak.migration.action=export \
+# -Dkeycloak.migration.provider=singleFile \
+# -Dkeycloak.migration.realmName=PORI \
+# -Dkeycloak.migration.usersExportStrategy=REALM_FILE \
+# -Dkeycloak.migration.file=/keys/PORI.json
+FROM jboss/keycloak:16.1.1
+USER root
+RUN mkdir -p /tmp/realm_data/
+COPY auth/kc_setup_keyfile.sh /scripts/kc_setup_keyfile.sh
+RUN chmod a+x /scripts/kc_setup_keyfile.sh
+COPY auth/PORI.json /tmp/realm_data/PORI.json
+ENV KEYCLOAK_IMPORT=/tmp/realm_data/PORI.json
diff --git a/nd/auth/PORI.json b/nd/auth/PORI.json
new file mode 100644
index 0000000..b830dce
--- /dev/null
+++ b/nd/auth/PORI.json
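Review bot: `USER root` is switched on for the mkdir/chmod steps but never switched back, so the final image runs Keycloak as root instead of the unprivileged user the base image ships with; add `USER jboss` as the last instruction after the `ENV KEYCLOAK_IMPORT=...` line (the jboss/keycloak images run as the `jboss` user, I believe — confirm with `docker run --rm jboss/keycloak:16.1.1 id` before relying on the name). Separately, `COPY auth/PORI.json` bakes the full realm export, which the header comment itself describes as containing "users and passwords" and which further down this diff carries PBKDF2 hashes for accounts including `pori_admin` with the realm `admin` role, into an image layer that anyone who can pull the image can read; this is acceptable only if these stay demo-only credentials, otherwise mount the realm file at runtime and keep the hashes out of the image. Minor: `COPY` creates missing parent directories, so the `RUN mkdir -p /tmp/realm_data/` layer is redundant, and `RUN chmod a+x` could be folded into `COPY --chmod=755 ...` if the build uses BuildKit.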
@@ -0,0 +1,2051 @@ +{ + "id" : "PORI", + "realm" : "PORI", + "notBefore" : 0, + "defaultSignatureAlgorithm" : "RS256", + "revokeRefreshToken" : false, + "refreshTokenMaxReuse" : 0, + "accessTokenLifespan" : 28800, + "accessTokenLifespanForImplicitFlow" : 900, + "ssoSessionIdleTimeout" : 1800, + "ssoSessionMaxLifespan" : 36000, + "ssoSessionIdleTimeoutRememberMe" : 0, + "ssoSessionMaxLifespanRememberMe" : 0, + "offlineSessionIdleTimeout" : 2592000, + "offlineSessionMaxLifespanEnabled" : false, + "offlineSessionMaxLifespan" : 5184000, + "clientSessionIdleTimeout" : 0, + "clientSessionMaxLifespan" : 0, + "clientOfflineSessionIdleTimeout" : 0, + "clientOfflineSessionMaxLifespan" : 0, + "accessCodeLifespan" : 60, + "accessCodeLifespanUserAction" : 300, + "accessCodeLifespanLogin" : 1800, + "actionTokenGeneratedByAdminLifespan" : 43200, + "actionTokenGeneratedByUserLifespan" : 300, + "oauth2DeviceCodeLifespan" : 600, + "oauth2DevicePollingInterval" : 5, + "enabled" : true, + "sslRequired" : "external", + "registrationAllowed" : false, + "registrationEmailAsUsername" : false, + "rememberMe" : false, + "verifyEmail" : false, + "loginWithEmailAllowed" : false, + "duplicateEmailsAllowed" : true, + "resetPasswordAllowed" : false, + "editUsernameAllowed" : false, + "bruteForceProtected" : false, + "permanentLockout" : false, + "maxFailureWaitSeconds" : 900, + "minimumQuickLoginWaitSeconds" : 60, + "waitIncrementSeconds" : 60, + "quickLoginCheckMilliSeconds" : 1000, + "maxDeltaTimeSeconds" : 43200, + "failureFactor" : 30, + "roles" : { + "realm" : [ { + "id" : "0985a256-6f5f-4895-9a67-6f6571c5681f", + "name" : "uma_authorization", + "description" : "${role_uma_authorization}", + "composite" : false, + "clientRole" : false, + "containerId" : "PORI", + "attributes" : { } + }, { + "id" : "f8755b6e-46eb-4ca6-bebd-2e827fb6fa05", + "name" : "default-roles-pori", + "description" : "${role_default-roles}", + "composite" : true, + "composites" : { + "realm" : [ "offline_access", 
"uma_authorization" ], + "client" : { + "account" : [ "view-profile", "manage-account" ] + } + }, + "clientRole" : false, + "containerId" : "PORI", + "attributes" : { } + }, { + "id" : "e6e8831e-4ae6-4e62-8369-37a0b775bfc5", + "name" : "admin", + "composite" : false, + "clientRole" : false, + "containerId" : "PORI", + "attributes" : { } + }, { + "id" : "7cb4c7eb-3ccc-4448-ac68-a27935e0927d", + "name" : "GraphKB", + "description" : "Access to the GraphKB web applications", + "composite" : false, + "clientRole" : false, + "containerId" : "PORI", + "attributes" : { } + }, { + "id" : "bf92e209-1896-4adf-ab73-efc8bb716f84", + "name" : "IPR", + "description" : "Access to the IPR web application", + "composite" : false, + "clientRole" : false, + "containerId" : "PORI", + "attributes" : { } + }, { + "id" : "f83a5b57-ce96-4932-9295-df3ad7e2489c", + "name" : "offline_access", + "description" : "${role_offline-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "PORI", + "attributes" : { } + } ], + "client" : { + "realm-management" : [ { + "id" : "d9cebbbc-856d-48e2-b6bc-432dff1765f7", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "847d16cc-4100-4965-ae74-f058ebf92dc6", + "attributes" : { } + }, { + "id" : "c644fec5-3274-41ff-baec-5110f8db842a", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "847d16cc-4100-4965-ae74-f058ebf92dc6", + "attributes" : { } + }, { + "id" : "9254504b-2cba-42e6-b23b-d3b32b486ffa", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "847d16cc-4100-4965-ae74-f058ebf92dc6", + "attributes" : { } + }, { + "id" : "0a744eca-673c-4598-97e2-ea0b8f44c79b", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { 
+ "client" : { + "realm-management" : [ "query-clients" ] + } + }, + "clientRole" : true, + "containerId" : "847d16cc-4100-4965-ae74-f058ebf92dc6", + "attributes" : { } + }, { + "id" : "5bd9794b-ab37-4357-adc3-a873e1f9ff2e", + "name" : "query-clients", + "description" : "${role_query-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "847d16cc-4100-4965-ae74-f058ebf92dc6", + "attributes" : { } + }, { + "id" : "f59c595c-0e04-42a8-87d2-4e92c2bc8a91", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : false, + "clientRole" : true, + "containerId" : "847d16cc-4100-4965-ae74-f058ebf92dc6", + "attributes" : { } + }, { + "id" : "8dd6ce2d-76cd-43fb-8b85-66c0d85b7e1f", + "name" : "view-realm", + "description" : "${role_view-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "847d16cc-4100-4965-ae74-f058ebf92dc6", + "attributes" : { } + }, { + "id" : "1ab6c9f4-438e-4e92-b2ff-8d613d19333d", + "name" : "manage-events", + "description" : "${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "847d16cc-4100-4965-ae74-f058ebf92dc6", + "attributes" : { } + }, { + "id" : "8050e61e-ad87-4c50-a74b-64158bf24351", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "847d16cc-4100-4965-ae74-f058ebf92dc6", + "attributes" : { } + }, { + "id" : "c96d3c70-8168-4dd9-a72e-cfd20a45eb7f", + "name" : "realm-admin", + "description" : "${role_realm-admin}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "manage-identity-providers", "query-users", "manage-users", "view-clients", "query-clients", "query-realms", "view-realm", "manage-events", "view-identity-providers", "manage-authorization", "view-events", "manage-clients", "impersonation", "query-groups", "view-authorization", "view-users", "manage-realm", "create-client" ] + } + }, + "clientRole" : 
true, + "containerId" : "847d16cc-4100-4965-ae74-f058ebf92dc6", + "attributes" : { } + }, { + "id" : "583350f3-fd2a-48cb-8c28-333a21aad243", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "847d16cc-4100-4965-ae74-f058ebf92dc6", + "attributes" : { } + }, { + "id" : "73b49480-5796-4def-ae6f-dc940a26bef9", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "847d16cc-4100-4965-ae74-f058ebf92dc6", + "attributes" : { } + }, { + "id" : "2416f8da-7a8a-4b21-a002-4b2d9c061892", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "847d16cc-4100-4965-ae74-f058ebf92dc6", + "attributes" : { } + }, { + "id" : "222f3776-feb2-4415-aa00-acc3ee706990", + "name" : "impersonation", + "description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : "847d16cc-4100-4965-ae74-f058ebf92dc6", + "attributes" : { } + }, { + "id" : "4d5da0f4-dfaf-4a48-aba0-676e5b0c4476", + "name" : "query-groups", + "description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "847d16cc-4100-4965-ae74-f058ebf92dc6", + "attributes" : { } + }, { + "id" : "179ea605-3fc3-4988-92a2-5130f63bcd2c", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "847d16cc-4100-4965-ae74-f058ebf92dc6", + "attributes" : { } + }, { + "id" : "dae56acd-519f-4c00-bd91-b33b6960f871", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-users", "query-groups" ] + } + }, + "clientRole" : true, + "containerId" : "847d16cc-4100-4965-ae74-f058ebf92dc6", + "attributes" : { } + }, { + "id" : 
"dce777b4-6273-4df1-ab9a-ee3c2521db20", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "847d16cc-4100-4965-ae74-f058ebf92dc6", + "attributes" : { } + }, { + "id" : "d5da36d6-fc8e-4472-9d39-1db9f6383a5d", + "name" : "create-client", + "description" : "${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : "847d16cc-4100-4965-ae74-f058ebf92dc6", + "attributes" : { } + } ], + "security-admin-console" : [ ], + "admin-cli" : [ ], + "IPR" : [ ], + "GraphKB" : [ { + "id" : "7e1dc7b3-5a9e-43ba-ba4b-8beae463fc44", + "name" : "uma_protection", + "composite" : false, + "clientRole" : true, + "containerId" : "c4dfdf5a-ec62-419d-a646-5f35b0f8f680", + "attributes" : { } + }, { + "id" : "bd6b8dc0-2228-4655-a96a-740fc768945a", + "name" : "admin", + "description" : "Administrative Access to the GraphKB application", + "composite" : false, + "clientRole" : true, + "containerId" : "c4dfdf5a-ec62-419d-a646-5f35b0f8f680", + "attributes" : { } + } ], + "account-console" : [ ], + "broker" : [ { + "id" : "a30f3ba9-b728-44a4-944b-50a0dbcbd479", + "name" : "read-token", + "description" : "${role_read-token}", + "composite" : false, + "clientRole" : true, + "containerId" : "90dbac95-e2f8-45b7-ab82-069e15961525", + "attributes" : { } + } ], + "2fa" : [ ], + "account" : [ { + "id" : "cbfec8f9-a6db-4dcc-8e3f-8ad77bf1cc18", + "name" : "view-consent", + "description" : "${role_view-consent}", + "composite" : false, + "clientRole" : true, + "containerId" : "d5c12dcc-0aee-407c-a7cf-642edb2779fe", + "attributes" : { } + }, { + "id" : "33dbc5e9-0849-4128-824f-64fd55d6e1e5", + "name" : "manage-account", + "description" : "${role_manage-account}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "manage-account-links" ] + } + }, + "clientRole" : true, + "containerId" : "d5c12dcc-0aee-407c-a7cf-642edb2779fe", + "attributes" : { } + }, { + "id" : 
"9a32fbde-14b7-42a2-9db2-193305173b80", + "name" : "manage-consent", + "description" : "${role_manage-consent}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "view-consent" ] + } + }, + "clientRole" : true, + "containerId" : "d5c12dcc-0aee-407c-a7cf-642edb2779fe", + "attributes" : { } + }, { + "id" : "144cfa9f-db2f-4794-be65-1f4f46e14363", + "name" : "view-profile", + "description" : "${role_view-profile}", + "composite" : false, + "clientRole" : true, + "containerId" : "d5c12dcc-0aee-407c-a7cf-642edb2779fe", + "attributes" : { } + }, { + "id" : "9e79f9af-56ca-44c0-b40e-5fae8b8baa9b", + "name" : "delete-account", + "description" : "${role_delete-account}", + "composite" : false, + "clientRole" : true, + "containerId" : "d5c12dcc-0aee-407c-a7cf-642edb2779fe", + "attributes" : { } + }, { + "id" : "8c2ab5dd-9306-4362-b753-5bf0de31bc52", + "name" : "manage-account-links", + "description" : "${role_manage-account-links}", + "composite" : false, + "clientRole" : true, + "containerId" : "d5c12dcc-0aee-407c-a7cf-642edb2779fe", + "attributes" : { } + }, { + "id" : "1b1523d0-e705-4556-bbdb-736e4f2be166", + "name" : "view-applications", + "description" : "${role_view-applications}", + "composite" : false, + "clientRole" : true, + "containerId" : "d5c12dcc-0aee-407c-a7cf-642edb2779fe", + "attributes" : { } + } ] + } + }, + "groups" : [ { + "id" : "e2033a9f-fc05-4781-84da-e0f9302baec8", + "name" : "allusers", + "path" : "/allusers", + "attributes" : { }, + "realmRoles" : [ ], + "clientRoles" : { }, + "subGroups" : [ ] + } ], + "defaultRole" : { + "id" : "f8755b6e-46eb-4ca6-bebd-2e827fb6fa05", + "name" : "default-roles-pori", + "description" : "${role_default-roles}", + "composite" : true, + "clientRole" : false, + "containerId" : "PORI" + }, + "requiredCredentials" : [ "password" ], + "otpPolicyType" : "totp", + "otpPolicyAlgorithm" : "HmacSHA1", + "otpPolicyInitialCounter" : 0, + "otpPolicyDigits" : 6, + "otpPolicyLookAheadWindow" : 1, + 
"otpPolicyPeriod" : 30, + "otpSupportedApplications" : [ "FreeOTP", "Google Authenticator" ], + "webAuthnPolicyRpEntityName" : "keycloak", + "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyRpId" : "", + "webAuthnPolicyAttestationConveyancePreference" : "not specified", + "webAuthnPolicyAuthenticatorAttachment" : "not specified", + "webAuthnPolicyRequireResidentKey" : "not specified", + "webAuthnPolicyUserVerificationRequirement" : "not specified", + "webAuthnPolicyCreateTimeout" : 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyAcceptableAaguids" : [ ], + "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyPasswordlessRpId" : "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", + "webAuthnPolicyPasswordlessCreateTimeout" : 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], + "users" : [ { + "id" : "5db8d738-b2b7-418a-b0f2-e5f08766675c", + "createdTimestamp" : 1645217918593, + "username" : "colab_demo", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "credentials" : [ { + "id" : "d6f05740-36ab-48d3-8416-308127e1f68e", + "type" : "password", + "createdDate" : 1645217918770, + "secretData" : "{\"value\":\"xvMGre9JyjVwatelekskEsxM16fT/pStFkphLpENT+8nvvjb5XcDuo7vgecVD3FcfRdSvRy2v+vqjTcpSXhLQQ==\",\"salt\":\"h3LOGZ8Tn/n2lI31o/zWRQ==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-pori", "GraphKB", 
"IPR" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "5a4bebec-fe7b-4bff-a21a-f747a644f93f", + "createdTimestamp" : 1645217918160, + "username" : "graphkb_importer", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "credentials" : [ { + "id" : "6fef9f6a-e979-4902-978a-fa4b8cbb343c", + "type" : "password", + "createdDate" : 1645217918336, + "secretData" : "{\"value\":\"YKf46iMdF4vzd48OrOYLEoLVh8kqqznfOXBH9xGYVaa+ApvjtIGmkvvOI3/dZ+sNQXu80XJIXQ7a2yGzVWJzKg==\",\"salt\":\"ExA97QOwMKFvzeLaexK6Xg==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-pori", "GraphKB", "IPR" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "8a84863a-f8a1-4a7d-a1cf-d248f4aab314", + "createdTimestamp" : 1645217918364, + "username" : "ipr_graphkb_link", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "credentials" : [ { + "id" : "af973256-df69-4f0d-bf46-f887239a5781", + "type" : "password", + "createdDate" : 1645217918542, + "secretData" : "{\"value\":\"ZU7TFar//M3DRPKGT132REBaiJ0AngU+UdM6XsrrGcfTyOAPO3qtp2s7yRcdoH+XqhtPLd1rxcPJVEmFDO06Cw==\",\"salt\":\"y2duZYEwBq+tDRf5HwoCdA==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-pori", "GraphKB", "IPR" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "d09f87fd-1b30-4e49-a89f-bbaea5ee31c9", + "createdTimestamp" : 1612555868634, + "username" : "iprdemo", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "firstName" : "ipr", + "lastName" : "demo", + "credentials" : [ { + "id" : "24449f8e-cb4a-47d0-be42-43f0dc8f0f73", + "type" : "password", + "createdDate" : 1612556446213, + "secretData" 
: "{\"value\":\"CwvQRbm9zgUa0OA6v+L8uEdd/jK7iJNq6kZApvTAcUpOOVaLtTVoAuvc9VzR/7p6lcdts82DNlzHINitpRcA2A==\",\"salt\":\"YkITGCVovcQgZvOlfPXdpw==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "uma_authorization", "default-roles-pori", "GraphKB", "IPR", "offline_access" ], + "clientRoles" : { + "account" : [ "view-profile", "manage-account" ] + }, + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "dbcb2359-bfcc-491f-abe7-4fb2e0e5cd33", + "createdTimestamp" : 1645217917933, + "username" : "pori_admin", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "credentials" : [ { + "id" : "ae8c5409-1cdf-4338-a1a7-b5662f85bf7d", + "type" : "password", + "createdDate" : 1702175924264, + "secretData" : "{\"value\":\"R6SfMyw3k7aXKzo3L879w6EO7yUzhKogpFwTJFVHX+s0A0QgzVEaFeotJvASI2QvD9QfP1cQmo8SGYELmbeiKw==\",\"salt\":\"049VA4ZOIO+scAifdL447g==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-pori", "admin", "GraphKB", "IPR" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "becc9cf6-043c-408c-a8a0-14ec40e536d5", + "createdTimestamp" : 1645217878730, + "username" : "service-account-graphkb", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "serviceAccountClientId" : "GraphKB", + "credentials" : [ ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-pori" ], + "notBefore" : 0, + "groups" : [ ] + } ], + "scopeMappings" : [ { + "clientScope" : "offline_access", + "roles" : [ "offline_access" ] + } ], + "clientScopeMappings" : { + "account" : [ { + "client" : "account-console", + "roles" : [ "manage-account" ] + } ] + 
}, + "clients" : [ { + "id" : "54b10b5c-dd42-4090-941c-a275e3b9b6b4", + "clientId" : "2fa", + "baseUrl" : "", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "**********", + "redirectUris" : [ "*" ], + "webOrigins" : [ "*" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "saml.assertion.signature" : "false", + "saml.force.post.binding" : "false", + "saml.multivalued.roles" : "false", + "saml.encrypt" : "false", + "saml.server.signature" : "false", + "saml.server.signature.keyinfo.ext" : "false", + "exclude.session.state.from.auth.response" : "false", + "saml_force_name_id_format" : "false", + "saml.client.signature" : "false", + "tls.client.certificate.bound.access.tokens" : "false", + "saml.authnstatement" : "false", + "display.on.consent.screen" : "false", + "saml.onetimeuse.condition" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "c4dfdf5a-ec62-419d-a646-5f35b0f8f680", + "clientId" : "GraphKB", + "rootUrl" : "", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "**********", + "redirectUris" : [ "http://0.0.0.0:3000/*", "http://localhost:3000/*", "http://localhost:5000/*", "https://pori-demo.bcgsc.ca/*", "http://0.0.0.0:5000/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + 
"standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : true, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "saml.assertion.signature" : "false", + "access.token.lifespan" : "86400", + "saml.force.post.binding" : "false", + "saml.multivalued.roles" : "false", + "saml.encrypt" : "false", + "backchannel.logout.revoke.offline.tokens" : "false", + "saml.server.signature" : "false", + "saml.server.signature.keyinfo.ext" : "false", + "exclude.session.state.from.auth.response" : "false", + "backchannel.logout.session.required" : "false", + "client_credentials.use_refresh_token" : "false", + "saml_force_name_id_format" : "false", + "saml.client.signature" : "false", + "tls.client.certificate.bound.access.tokens" : "false", + "saml.authnstatement" : "false", + "display.on.consent.screen" : "false", + "saml.onetimeuse.condition" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "protocolMappers" : [ { + "id" : "436d7b81-3eae-44d4-81bf-715097413945", + "name" : "Client ID", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "consentRequired" : false, + "config" : { + "user.session.note" : "clientId", + "userinfo.token.claim" : "true", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "clientId", + "jsonType.label" : "String" + } + }, { + "id" : "f3c0ec9c-b730-45b4-bcf9-e2dca811b7af", + "name" : "Client Host", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "consentRequired" : false, + "config" : { + "user.session.note" : "clientHost", + "userinfo.token.claim" : "true", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "clientHost", + "jsonType.label" : "String" + } + }, { + "id" : "e0b7f359-c6b1-4a94-b702-805ab945f5f9", 
+ "name" : "Client IP Address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "consentRequired" : false, + "config" : { + "user.session.note" : "clientAddress", + "userinfo.token.claim" : "true", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "clientAddress", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "01d64c4b-6797-4d0a-80bb-50565b5ae493", + "clientId" : "IPR", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "**********", + "redirectUris" : [ "http://0.0.0.0:3000/*", "http://localhost:3000/*", "http://localhost:5000/*", "https://pori-demo.bcgsc.ca/*", "http://0.0.0.0:5000/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "saml.assertion.signature" : "false", + "access.token.lifespan" : "86400", + "saml.force.post.binding" : "false", + "saml.multivalued.roles" : "false", + "saml.encrypt" : "false", + "saml.server.signature" : "false", + "saml.server.signature.keyinfo.ext" : "false", + "exclude.session.state.from.auth.response" : "false", + "saml_force_name_id_format" : "false", + "saml.client.signature" : "false", + "tls.client.certificate.bound.access.tokens" : "false", + "saml.authnstatement" : "false", + "display.on.consent.screen" : "false", + "saml.onetimeuse.condition" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + 
"defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "d5c12dcc-0aee-407c-a7cf-642edb2779fe", + "clientId" : "account", + "name" : "${client_account}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/PORI/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "**********", + "redirectUris" : [ "/realms/PORI/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "a88d4e2c-e6b3-4cf8-9b31-1320441cdca4", + "clientId" : "account-console", + "name" : "${client_account-console}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/PORI/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "**********", + "redirectUris" : [ "/realms/PORI/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "pkce.code.challenge.method" : "S256" + }, + 
"authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "1602f606-94bc-49e7-93f3-2332379d6657", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ], + "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "0002685a-6e7a-4d5e-8281-fd45217b4b04", + "clientId" : "admin-cli", + "name" : "${client_admin-cli}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "**********", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : false, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "90dbac95-e2f8-45b7-ab82-069e15961525", + "clientId" : "broker", + "name" : "${client_broker}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "**********", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : 
false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "847d16cc-4100-4965-ae74-f058ebf92dc6", + "clientId" : "realm-management", + "name" : "${client_realm-management}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "**********", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access" ] + }, { + "id" : "f5884b4f-c044-443d-b386-3ef48c0cca6a", + "clientId" : "security-admin-console", + "name" : "${client_security-admin-console}", + "rootUrl" : "${authAdminUrl}", + "baseUrl" : "/admin/PORI/console/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "**********", + "redirectUris" : [ "/admin/PORI/console/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + 
"frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "f9f9b31b-fa62-4f95-bbc6-8e57abe45b44", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + } ], + "clientScopes" : [ { + "id" : "dfc63d4d-8582-4a21-b289-e3c351b10356", + "name" : "role_list", + "description" : "SAML role list", + "protocol" : "saml", + "attributes" : { + "consent.screen.text" : "${samlRoleListScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "3b461783-0a10-49a7-b4f2-a38ef20ac4ce", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + } ] + }, { + "id" : "2b631976-8c69-46e7-9974-86aac77aefa3", + "name" : "web-origins", + "description" : "OpenID Connect scope for add allowed web origins to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false", + "consent.screen.text" : "" + }, + "protocolMappers" : [ { + "id" : "173cbd36-cca3-4970-a64f-c32b4246aee8", + "name" : "allowed web origins", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-allowed-origins-mapper", + "consentRequired" : false, + "config" : { } + } 
] + }, { + "id" : "d297b787-a825-4426-b3db-db0d38ebd7df", + "name" : "phone", + "description" : "OpenID Connect built-in scope: phone", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${phoneScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "b0c6137e-fd49-4688-9311-b212e9d13a38", + "name" : "phone number", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumber", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number", + "jsonType.label" : "String" + } + }, { + "id" : "3231d2f7-29fb-4c32-ab64-5d3a90fe9e3b", + "name" : "phone number verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumberVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number_verified", + "jsonType.label" : "boolean" + } + } ] + }, { + "id" : "fd8b65bc-48b8-4222-bb0c-0b4cc8ff6f60", + "name" : "email", + "description" : "OpenID Connect built-in scope: email", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${emailScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "1201f82f-b125-4b00-a661-aed3ee53d80e", + "name" : "email", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String" + } + }, { + "id" : "114943e3-49fb-4852-a968-b2c90e3c08aa", + 
"name" : "email verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "emailVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email_verified", + "jsonType.label" : "boolean" + } + } ] + }, { + "id" : "93d88027-3cc9-46ca-b846-22d06897457d", + "name" : "microprofile-jwt", + "description" : "Microprofile - JWT built-in scope", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "d720e221-a69d-415e-80c7-01f3faf9a46b", + "name" : "upn", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "upn", + "jsonType.label" : "String" + } + }, { + "id" : "2e304196-66a7-4179-a0ef-89de948015f7", + "name" : "groups", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "multivalued" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "foo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "groups", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "1b050b28-b9f2-4e09-9cec-00e041b88d5d", + "name" : "offline_access", + "description" : "OpenID Connect built-in scope: offline_access", + "protocol" : "openid-connect", + "attributes" : { + "consent.screen.text" : "${offlineAccessScopeConsentText}", + "display.on.consent.screen" : "true" + } + }, { + "id" : "80d6cc08-e4d0-446b-ac1f-40689162613c", + "name" : "address", + "description" : "OpenID Connect built-in scope: address", + "protocol" : "openid-connect", + "attributes" : { + 
"include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${addressScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "e6f74644-e527-4c58-adb1-fe34dac63681", + "name" : "address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-address-mapper", + "consentRequired" : false, + "config" : { + "user.attribute.formatted" : "formatted", + "user.attribute.country" : "country", + "user.attribute.postal_code" : "postal_code", + "userinfo.token.claim" : "true", + "user.attribute.street" : "street", + "id.token.claim" : "true", + "user.attribute.region" : "region", + "access.token.claim" : "true", + "user.attribute.locality" : "locality" + } + } ] + }, { + "id" : "789237c5-6d88-41a0-a7e1-530368d6265e", + "name" : "profile", + "description" : "OpenID Connect built-in scope: profile", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${profileScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "e7653223-8515-4a41-b939-89d2e962bdee", + "name" : "birthdate", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "birthdate", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "birthdate", + "jsonType.label" : "String" + } + }, { + "id" : "77756ec1-381b-43a8-acaf-8665cf6c26cf", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : "f5cbb3f3-3806-4e4c-973f-44af4c026729", + "name" : "picture", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + 
"userinfo.token.claim" : "true", + "user.attribute" : "picture", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "picture", + "jsonType.label" : "String" + } + }, { + "id" : "5a107cad-90ca-4313-ad8f-2d49369bf61f", + "name" : "updated at", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "updatedAt", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "updated_at", + "jsonType.label" : "String" + } + }, { + "id" : "c141e6f9-dc4e-4b5d-a2b9-4514ea0b2b4a", + "name" : "nickname", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "nickname", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "nickname", + "jsonType.label" : "String" + } + }, { + "id" : "c310863a-f1c8-4273-85ee-e867e6cd9bc1", + "name" : "middle name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "middleName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "middle_name", + "jsonType.label" : "String" + } + }, { + "id" : "1721856b-1b78-486c-be85-828b9ffbe1ca", + "name" : "website", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "website", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "website", + "jsonType.label" : "String" + } + }, { + "id" : "d878c38a-f206-4e37-bea0-3e3f80d4c94c", + "name" : "gender", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + 
"consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "gender", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "gender", + "jsonType.label" : "String" + } + }, { + "id" : "8c297079-e409-4021-98f0-98d8626ad888", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + }, { + "id" : "bbad21ce-2618-4181-ac6f-bfae14e960e5", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + }, { + "id" : "34e08486-d9b4-4165-9e93-593b5b95a17e", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + }, { + "id" : "ef031999-432c-48c5-b3bf-eb420476f801", + "name" : "zoneinfo", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "zoneinfo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "zoneinfo", + "jsonType.label" : "String" + } + }, { + "id" : "95d05c4d-3ae6-4061-b32a-5990bd15e507", + "name" : "profile", + "protocol" : "openid-connect", + "protocolMapper" : 
"oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "profile", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "profile", + "jsonType.label" : "String" + } + }, { + "id" : "c5199596-dfee-48d1-90f8-2c3f605f6a04", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "c0b1342a-9c37-46b1-8dce-7dc503db61d0", + "name" : "roles", + "description" : "OpenID Connect scope for add user roles to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${rolesScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "0d4e2d2a-05df-4fd9-beff-218d89dd3adb", + "name" : "client roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-client-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "resource_access.${client_id}.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + }, { + "id" : "c606f563-6147-4bc7-b9e8-e1591e2e8669", + "name" : "realm roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "realm_access.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + }, { + "id" : "05fe3edf-da15-48cb-bf46-fda14d60907b", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + 
"consentRequired" : false, + "config" : { } + } ] + } ], + "defaultDefaultClientScopes" : [ "web-origins", "profile", "roles", "role_list", "email" ], + "defaultOptionalClientScopes" : [ "offline_access", "address", "microprofile-jwt", "phone" ], + "browserSecurityHeaders" : { + "contentSecurityPolicyReportOnly" : "", + "xContentTypeOptions" : "nosniff", + "xRobotsTag" : "none", + "xFrameOptions" : "SAMEORIGIN", + "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection" : "1; mode=block", + "strictTransportSecurity" : "max-age=31536000; includeSubDomains" + }, + "smtpServer" : { }, + "loginTheme" : "keycloak", + "accountTheme" : "keycloak", + "adminTheme" : "keycloak", + "eventsEnabled" : true, + "eventsExpiration" : 2592000, + "eventsListeners" : [ "jboss-logging" ], + "enabledEventTypes" : [ "TOKEN_EXCHANGE", "LOGIN_ERROR", "CLIENT_LOGIN", "CODE_TO_TOKEN", "LOGIN" ], + "adminEventsEnabled" : false, + "adminEventsDetailsEnabled" : false, + "identityProviders" : [ ], + "identityProviderMappers" : [ ], + "components" : { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { + "id" : "1dcc5b4d-d3f7-41e8-a842-f339d461af8d", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + }, { + "id" : "950012dc-46e4-4349-9520-3b4e633dca40", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "58a6669f-bb9b-4377-853b-c6415c2248bd", + "name" : "Consent Required", + "providerId" : "consent-required", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "6f540ac1-f39e-402f-8bcf-1b0cb139efc4", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "anonymous", + 
"subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "e1223b7e-4725-4711-825f-22a1e26aca7f", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "oidc-usermodel-property-mapper", "oidc-address-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper", "saml-user-attribute-mapper" ] + } + }, { + "id" : "3f730dc2-0620-4c6a-9203-65147c847f09", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-address-mapper", "saml-role-list-mapper", "oidc-usermodel-attribute-mapper", "oidc-full-name-mapper", "saml-user-property-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper" ] + } + }, { + "id" : "371c7fa1-594b-41f2-8062-cc31aff8ad80", + "name" : "Max Clients Limit", + "providerId" : "max-clients", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "max-clients" : [ "200" ] + } + }, { + "id" : "4b990959-ff0e-4438-a389-6df3d43c4438", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + } ], + "org.keycloak.keys.KeyProvider" : [ { + "id" : "18891d36-57af-486c-bfcb-480fcea516a0", + "name" : "rsa-generated", + "providerId" : "rsa-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "certificate" : [ "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" ], + "priority" : [ "100" ] + } + }, { + "id" : "0087ee0d-e52a-446f-888a-4ec1d2e551cc", + "name" : 
"hmac-generated", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "03087aed-654e-4e04-8b0a-50a88d8ab458" ], + "secret" : [ "cXobdhu0D-gJph2JKBN4Q2g83agem-XPkITV_nSdFA26MX51PhwogBaLL9tN3JK3Xpkkqy6jgtMCwlpEL5MfoQ" ], + "priority" : [ "100" ], + "algorithm" : [ "HS256" ] + } + }, { + "id" : "1fd252b2-b205-4fda-ab3a-52f8c8298dc2", + "name" : "aes-generated", + "providerId" : "aes-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "2035a547-b4b7-427d-a21c-86214de43615" ], + "secret" : [ "vX6-MCLwyomyrZzz6Xt_Jg" ], + "priority" : [ "100" ] + } + } ] + }, + "internationalizationEnabled" : false, + "supportedLocales" : [ "" ], + "authenticationFlows" : [ { + "id" : "568e79fd-4db5-4842-a077-b0a06d156455", + "alias" : "Handle Existing Account", + "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-confirm-link", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "flowAlias" : "Handle Existing Account - Alternatives - 0", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "ab62327a-262d-4099-8e06-9bbed90415d4", + "alias" : "Handle Existing Account - Alternatives - 0", + "description" : "Subflow of Handle Existing Account with alternative executions", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-email-verification", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + 
"priority" : 20, + "flowAlias" : "Verify Existing Account by Re-authentication", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "31e14fad-43e2-4d5b-b9ba-b7ac8aaba65c", + "alias" : "Verify Existing Account by Re-authentication", + "description" : "Reauthentication of existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "flowAlias" : "Verify Existing Account by Re-authentication - auth-otp-form - Conditional", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "ce8230d6-e502-4d0e-bb3f-650d065fbb61", + "alias" : "Verify Existing Account by Re-authentication - auth-otp-form - Conditional", + "description" : "Flow to determine if the auth-otp-form authenticator should be used or not.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "9bbd5f63-ca20-4233-a7ba-f56da68d03d6", + "alias" : "browser", + "description" : "browser based authentication", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-cookie", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : 
false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "identity-provider-redirector", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 25, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "flowAlias" : "forms", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "0533ba76-3922-435e-97b5-62a01f05f105", + "alias" : "clients", + "description" : "Base authentication for clients", + "providerId" : "client-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "client-secret", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "client-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "client-secret-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "client-x509", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 40, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "abf3e4aa-bd07-463b-829e-bfcf6da501e3", + "alias" : "direct grant", + "description" : "OpenID Connect Resource Owner Grant", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "direct-grant-validate-username", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + 
"authenticator" : "direct-grant-validate-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 30, + "flowAlias" : "direct grant - direct-grant-validate-otp - Conditional", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "ee151a54-970d-451e-b7ea-39881b95e1d1", + "alias" : "direct grant - direct-grant-validate-otp - Conditional", + "description" : "Flow to determine if the direct-grant-validate-otp authenticator should be used or not.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "direct-grant-validate-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "6e6e9711-da61-4233-a83f-6a64adc4cd3c", + "alias" : "docker auth", + "description" : "Used by Docker clients to authenticate against the IDP", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "docker-http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "db8d26d9-643e-4378-ae44-924de1914055", + "alias" : "first broker login", + "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "review profile 
config", + "authenticator" : "idp-review-profile", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "flowAlias" : "first broker login - Alternatives - 0", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "92ceb835-aaea-422e-831b-f2ff032eebc3", + "alias" : "first broker login - Alternatives - 0", + "description" : "Subflow of first broker login with alternative executions", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "create unique user config", + "authenticator" : "idp-create-user-if-unique", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "flowAlias" : "Handle Existing Account", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "f14dc633-8645-4944-a1ed-79c164a592a2", + "alias" : "forms", + "description" : "Username, password, otp and other auth forms.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "flowAlias" : "forms - auth-otp-form - Conditional", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "d81f6c1f-13e7-4543-aa56-f40be0ddf141", + "alias" : "forms - auth-otp-form - Conditional", + "description" : "Flow to determine if the auth-otp-form authenticator should be used or not.", + 
"providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "9e9ebb23-209f-4b7c-9967-26ea9b28f045", + "alias" : "http challenge", + "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "no-cookie-redirect", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "basic-auth", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "basic-auth-otp", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 30, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 40, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "72eb8036-2849-4d77-8986-54dbe2aa2357", + "alias" : "registration", + "description" : "registration flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-page-form", + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 10, + "flowAlias" : "registration form", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : 
"a67c73b8-4972-4c4c-a890-7e307b76b32b", + "alias" : "registration form", + "description" : "registration form", + "providerId" : "form-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-user-creation", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "registration-profile-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 40, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "registration-password-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 50, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "registration-recaptcha-action", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 60, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "b2a317d6-b298-4e08-b8f5-6379dbe3a942", + "alias" : "reset credentials", + "description" : "Reset credentials for a user if they forgot their password or something", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "reset-credentials-choose-user", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "reset-credential-email", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "reset-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 30, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 40, + "flowAlias" : "reset credentials - 
reset-otp - Conditional", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "e76e9c8d-10a7-4241-8f7b-cd9f9d077b45", + "alias" : "reset credentials - reset-otp - Conditional", + "description" : "Flow to determine if the reset-otp authenticator should be used or not.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "reset-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "a27f4385-55b5-46f0-904b-3714bc399db1", + "alias" : "saml ecp", + "description" : "SAML ECP Profile Authentication Flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + } ], + "authenticatorConfig" : [ { + "id" : "96283718-4719-486a-9674-bcec9f8b636b", + "alias" : "create unique user config", + "config" : { + "require.password.update.after.registration" : "false" + } + }, { + "id" : "238ba828-ac74-4cd9-9890-c5461709accb", + "alias" : "review profile config", + "config" : { + "update.profile.on.first.login" : "missing" + } + } ], + "requiredActions" : [ { + "alias" : "CONFIGURE_TOTP", + "name" : "Configure OTP", + "providerId" : "CONFIGURE_TOTP", + "enabled" : true, + "defaultAction" : false, + "priority" : 10, + "config" : { } + }, { + "alias" : "terms_and_conditions", + "name" : "Terms and Conditions", + "providerId" : "terms_and_conditions", + "enabled" : false, + "defaultAction" : false, + "priority" : 20, + "config" : { } + }, { 
+ "alias" : "UPDATE_PASSWORD", + "name" : "Update Password", + "providerId" : "UPDATE_PASSWORD", + "enabled" : true, + "defaultAction" : false, + "priority" : 30, + "config" : { } + }, { + "alias" : "UPDATE_PROFILE", + "name" : "Update Profile", + "providerId" : "UPDATE_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 40, + "config" : { } + }, { + "alias" : "VERIFY_EMAIL", + "name" : "Verify Email", + "providerId" : "VERIFY_EMAIL", + "enabled" : true, + "defaultAction" : false, + "priority" : 50, + "config" : { } + }, { + "alias" : "delete_account", + "name" : "Delete Account", + "providerId" : "delete_account", + "enabled" : false, + "defaultAction" : false, + "priority" : 60, + "config" : { } + }, { + "alias" : "update_user_locale", + "name" : "Update User Locale", + "providerId" : "update_user_locale", + "enabled" : true, + "defaultAction" : false, + "priority" : 1000, + "config" : { } + } ], + "browserFlow" : "browser", + "registrationFlow" : "registration", + "directGrantFlow" : "direct grant", + "resetCredentialsFlow" : "reset credentials", + "clientAuthenticationFlow" : "clients", + "dockerAuthenticationFlow" : "docker auth", + "attributes" : { + "cibaBackchannelTokenDeliveryMode" : "poll", + "cibaExpiresIn" : "120", + "cibaAuthRequestedUserHint" : "login_hint", + "oauth2DeviceCodeLifespan" : "600", + "clientOfflineSessionMaxLifespan" : "0", + "oauth2DevicePollingInterval" : "5", + "clientSessionIdleTimeout" : "0", + "parRequestUriLifespan" : "60", + "clientSessionMaxLifespan" : "0", + "clientOfflineSessionIdleTimeout" : "0", + "cibaInterval" : "5" + }, + "keycloakVersion" : "16.1.1", + "userManagedAccessAllowed" : false, + "clientProfiles" : { + "profiles" : [ ] + }, + "clientPolicies" : { + "policies" : [ ] + } +} \ No newline at end of file diff --git a/nd/auth/kc_setup_keyfile.sh b/nd/auth/kc_setup_keyfile.sh new file mode 100755 index 0000000..34f0099 --- /dev/null +++ b/nd/auth/kc_setup_keyfile.sh 
@@ -0,0 +1,52 @@
+#!/bin/bash
+
+if [ "$#" -ne 5 ];
+then
+ echo "Given: $@"
+ echo ""
+ echo "Argument Error:"
+ echo "$0 "
+ exit 1
+fi
+
+echo "KEYCLOAK_URL=$1"
+KEYCLOAK_URL=$1
+echo "KEYCLOAK_USER=$2"
+KEYCLOAK_USER=$2
+echo "KEYCLOAK_PASSWORD=$3"
+KEYCLOAK_PASSWORD=$3
+echo "KEYCLOAK_REALM=$4"
+KEYCLOAK_REALM=$4
+echo "KEYFILE=$5"
+KEYFILE=$5
+
+
+# Get the Admin user token
+echo "POST ${KEYCLOAK_URL}/realms/master/protocol/openid-connect/token"
+auth_resp=$(curl -X POST "${KEYCLOAK_URL}/realms/master/protocol/openid-connect/token" \
+ -H "Content-Type: application/x-www-form-urlencoded" \
+ -d "username=${KEYCLOAK_USER}" \
+ -d "password=${KEYCLOAK_PASSWORD}" \
+ -d 'grant_type=password' \
+ -d 'client_id=admin-cli')
+
+token=$( echo $auth_resp | grep -o '"access_token":[^,][^,]*' | sed 's/^"access_token":\s*"//' | sed 's/"$//' )
+
+if [ "$token" = "" ];
+then
+ echo "FAILED to get authorization token"
+ exit 1
+fi
+
+# Now fetch the public key file
+resp=$(curl -X GET "${KEYCLOAK_URL}/admin/realms/${KEYCLOAK_REALM}/keys" \
+ -H 'Content-Type: application/json' \
+ -H "Accept: application/json" \
+ -H "Authorization: Bearer $token" )
+# echo $resp
+
+key=$( echo $resp | grep -o '"publicKey":[^,][^,]*' | sed 's/^"publicKey":\s*"//' | sed 's/"$//' )
+echo "writing: $KEYFILE"
+echo "-----BEGIN PUBLIC KEY-----" > $KEYFILE
+echo "$key" >> $KEYFILE
+echo "-----END PUBLIC KEY-----" >> $KEYFILE
\ No newline at end of file
diff --git a/nd/docker-compose.yml b/nd/docker-compose.yml
new file mode 100644
index 0000000..9659097
--- /dev/null
+++ b/nd/docker-compose.yml
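Review bot: `echo "KEYCLOAK_PASSWORD=$3"` near the top of kc_setup_keyfile.sh writes the Keycloak admin password to stdout, and because docker-compose.yml in this same commit runs the script as the keycloak service's healthcheck, that line is captured in the container's health log on every run. Drop the echo or print a fixed marker instead, `echo "KEYCLOAK_PASSWORD=(set)"`. The two curl calls also run without `-sSf`, so an HTTP error body is fed silently into the grep/sed pipeline and only surfaces later as an empty token or an empty key; `curl -sSf -X POST …` and `curl -sSf -X GET …` make the failure explicit at the call site. Lastly, `> $KEYFILE` and the two `>> $KEYFILE` redirections are unquoted, so a KEYFILE argument containing whitespace would be word-split; `"$KEYFILE"` fixes that.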
@@ -0,0 +1,208 @@
+# This version of the docker-compose sets up the servers using http only for testing locally and
+# therefore does not require the top level apache server to configure the URLs
+version: '3.2'
+services:
+ keycloak:
+ build:
+ context: .
+ dockerfile: ./auth/Dockerfile.auth
+ environment:
+ KEYCLOAK_USER: $KEYCLOAK_ADMIN_USER
+ KEYCLOAK_PASSWORD: $KEYCLOAK_ADMIN_PASS
+ PROXY_ADDRESS_FORWARDING: "true"
+ JAVA_OPTS_APPEND: "-Djboss.socket.binding.port-offset=808"
+ ports:
+ - 8888:8888
+ networks:
+ - app-network
+ healthcheck:
+ # test fetching public key from PORI realm
+ test: ["CMD", "bash", "/scripts/kc_setup_keyfile.sh", $KEYCLOAK_AUTH_URL, "admin", $KEYCLOAK_ADMIN_PASS, "PORI", "/keys/keycloak.key"]
+ interval: 45s
+ timeout: 10s
+ retries: 5
+ volumes:
+ - source: ./keys
+ target: /keys
+ type: bind
+ graphkb_db:
+ image: orientdb:3.0
+ environment:
+ # customize settings below
+ ORIENTDB_ROOT_PASSWORD: root
+ ports:
+ - 2424:2424
+ - 2480:2480
+ networks:
+ - app-network
+ volumes:
+ - source: $GRAPHKB_DB_DATA
+ target: /orientdb/databases
+ type: bind
+ - source: $GRAPHKB_DB_BACKUP
+ target: /orientdb/backup
+ type: bind
+ graphkb_api:
+ image: bcgsc/pori-graphkb-api:latest
+ ports:
+ - 8080:8080
+ environment:
+ GKB_DB_CREATE: 1
+ GKB_DB_HOST: graphkb_db
+ GKB_DB_NAME: graphkb
+ GKB_KEYCLOAK_KEY_FILE: /keys/keycloak.key
+ KEY_PASSPHRASE: ''
+ # customize settings below
+ GKB_CORS_ORIGIN: '^.*$$'
+ GKB_DBS_PASS: $GKB_DBS_PASS
+ GKB_KEYCLOAK_URI: http://keycloak:8888/auth/realms/PORI/protocol/openid-connect/token #$KEYCLOAK_TOKEN_URI
+ depends_on:
+ - graphkb_db
+ - keycloak
+ networks:
+ - app-network
+ restart: always
+ volumes:
+ - source: ./keys
+ target: /keys
+ type: bind
+ read_only: true
+ healthcheck:
+ test: ["CMD", "curl", "-f", "http://localhost:8080/api/version"]
+ interval: 30s
+ timeout: 10s
+ retries: 5
+ graphkb_client:
+ image: bcgsc/pori-graphkb-client:latest
+ environment:
+ KEYCLOAK_REALM: PORI
+ KEYCLOAK_CLIENT_ID: GraphKB
+ # customize settings below
+ API_BASE_URL: http://localhost:8080
+ KEYCLOAK_URL: $KEYCLOAK_AUTH_URL
+ PUBLIC_PATH: /
+ ports:
+ - 5000:80
+ depends_on:
+ - graphkb_api
+ networks:
+ - app-network
+ restart: always
+ ipr_db:
+ #image: bcgsc/pori-ipr-demodb:latest
+ build:
+ context: /home/eleanor/git/pori_ipr_api/pori_ipr_api
+ dockerfile: /home/eleanor/git/pori_ipr_api/pori_ipr_api/Dockerfile.prod.db
+ restart: always
+ environment:
+ POSTGRES_USER: $IPR_POSTGRES_USER
+ SERVICE_USER: $IPR_SERVICE_USER
+ PGDATA: /var/lib/postgresql/data/pgdata
+ # customize settings below
+ POSTGRES_PASSWORD: $IPR_POSTGRES_PASSWORD
+ SERVICE_PASSWORD: $SERVICE_PASSWORD
+ ports:
+ - $IPR_DB_PORT:5432
+ networks:
+ - app-network
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready"]
+ interval: 10s
+ timeout: 5s
+ retries: 5
+ #volumes:
+ # - source: $PSQL_DB_DATA
+ # target: /var/lib/postgresql/data
+ # type: bind
+ # - source: $PSQL_DB_BACKUP
+ # target: /var/lib/postgresql/backup
+ # type: bind
+ redis:
+ image: redis:6.2-alpine
+ # Set health checks to wait until redis has started
+ healthcheck:
+ test: redis-cli ping
+ interval: 10s
+ timeout: 5s
+ retries: 5
+ ports:
+ # Maps port 6379 on service container to the host
+ - 6379:6379
+ networks:
+ - app-network
+ restart: always
+ ipr_api:
+ #image: bcgsc/pori-ipr-api:latest
+ build:
+ context:
+ /home/eleanor/git/pori_ipr_api/pori_ipr_api
+ environment:
+ IPR_DATABASE_HOSTNAME: $IPR_DATABASE_HOSTNAME
+ IPR_DATABASE_NAME: $IPR_DATABASE_NAME
+ IPR_DATABASE_USERNAME: $IPR_DATABASE_USERNAME
+ IPR_DATABASE_ADMINNAME: $IPR_DATABASE_ADMINNAME
+ IPR_GRAPHKB_USERNAME: $IPR_GRAPHKB_USERNAME
+ IPR_KEYCLOAK_KEYFILE: $IPR_KEYCLOAK_KEYFILE
+ # customize settings below
+ IPR_DATABASE_PASSWORD: tiesting #$IPR_DATABASE_PASSWORD
+ IPR_SERVICE_PASS: tiesting
+ SERVICE_PASS: tiesting
+ SERVICE_PASSWORD: tiesting
+ IPR_SERVICE_PASSWORD: tiesting
+ IPR_GRAPHKB_PASSWORD: $IPR_GRAPHKB_PASSWORD
+ IPR_GRAPHKB_URI: http://localhost:8080/api
+ IPR_KEYCLOAK_URI: $KEYCLOAK_TOKEN_URI
+ IPR_REDIS_HOST: redis
+ IPR_REDIS_PORT: 6379
+ IPR_REDIS_QUEUE_PORT: 6380
+ SCRIPT_TYPE: create
+ command: /bin/bash -c "npm start" #>
+ # /bin/bash -c "if [ 'migration' == 'migration' ]; then ./ipr_api_migrate.sh; else ./create_ipr_schema.sh; fi"
+ ports:
+ - 8081:8080
+ depends_on:
+ - ipr_db
+ - redis
+ - keycloak
+ networks:
+ - app-network
+ restart: always
+ tty: true
+ volumes:
+ - source: ./sequelize_config.json
+ target: /usr/src/app/config/config.json
+ type: bind
+ - source: ./create_ipr_schema.sh
+ target: /usr/src/app/create_ipr_schema.sh
+ type: bind
+ - source: ./ipr_api_migrate.sh
+ target: /usr/src/app/ipr_api_migrate.sh
+ type: bind
+ - source: ./keys
+ target: /keys
+ type: bind
+ read_only: true
+ healthcheck:
+ test: ["CMD", "curl", "-f", "http://ipr_api:8080/api/spec.json"]
+ interval: 30s
+ timeout: 10s
+ retries: 5
+ ipr_client:
+ image: bcgsc/pori-ipr-client:latest
+ environment:
+ KEYCLOAK_REALM: PORI
+ # customize settings below
+ API_BASE_URL: http://localhost:8081/api
+ GRAPHKB_URL: http://localhost:5000
+ KEYCLOAK_URL: $KEYCLOAK_AUTH_URL
+ PUBLIC_PATH: /
+ ports:
+ - 3000:80
+ depends_on:
+ - ipr_api
+ networks:
+ - app-network
+ restart: always
+networks:
+ app-network:
+ driver: bridge
diff --git a/nd/env.sh b/nd/env.sh
new file mode 100644
index 0000000..5cb588c
--- /dev/null
+++ b/nd/env.sh
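Review bot: The ipr_api environment hard-codes the literal `tiesting` for IPR_DATABASE_PASSWORD, IPR_SERVICE_PASS, SERVICE_PASS, SERVICE_PASSWORD and IPR_SERVICE_PASSWORD, while ipr_db in the same file takes its SERVICE_PASSWORD from `$SERVICE_PASSWORD` — the two services only agree if env.sh happens to export that same literal, and the `#$IPR_DATABASE_PASSWORD` left in the comment suggests the variable was the intent. Restoring `IPR_DATABASE_PASSWORD: $IPR_DATABASE_PASSWORD` and `SERVICE_PASSWORD: $SERVICE_PASSWORD` keeps the credential defined in one place. The keycloak healthcheck passes `"admin"` as a literal username while KEYCLOAK_USER is `$KEYCLOAK_ADMIN_USER`, so changing the admin user in env.sh would silently make the check fail; use `$KEYCLOAK_ADMIN_USER` there as well. The ipr_db and ipr_api build contexts are absolute `/home/eleanor/...` paths that no other checkout can resolve; a relative path or a build-arg with a documented default would make the compose file usable outside that machine.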
@@ -0,0 +1,31 @@
+export IPR_DB_PORT=5433 # if you don't have a psql instance running locally, you won't need to set this
+
+export KEYCLOAK_ADMIN_USER=admin
+export KEYCLOAK_ADMIN_PASS=admin
+export KEYCLOAK_TOKEN_URI=http://keycloak:8888/auth/realms/PORI/protocol/openid-connect/token
+export KEYCLOAK_AUTH_URL=http://localhost:8888/auth
+
+export GKB_DBS_PASS=root
+export IPR_POSTGRES_USER=postgres
+export IPR_POSTGRES_PASSWORD=
+export SERVICE_PASSWORD=
+export IPR_DATABASE_HOSTNAME=ipr_db
+export IPR_DATABASE_NAME=ipr
+export IPR_DATABASE_USERNAME=ipr_service
+export IPR_DATABASE_ADMINNAME=ipr_service
+export IPR_GRAPHKB_USERNAME=ipr_graphkb_link
+export IPR_KEYCLOAK_KEYFILE=/keys/keycloak.key
+export IPR_DATABASE_PASSWORD=
+export IPR_GRAPHKB_PASSWORD=ipr_graphkb_link
+export IPR_SERVICE_USER=ipr_service
+
+export GRAPHKB_DB_BACKUP=.././databases/orientdb/backup
+export GRAPHKB_DB_DATA=.././databases/orientdb/backup
+export PSQL_DB_BACKUP=.././databases/postgresql/backup
+export PSQL_DB_DATA=.././databases/postgresql/data
+
+export SCHEMA_DUMP_LOCATION=../
+
+export PORI_ADMIN_EMAIL=
+export PORI_ADMIN_USER='pori_admin'
+export TEMPLATE_NAME='templateipr'
diff --git a/nd/ipr_api_create.sh b/nd/ipr_api_create.sh
new file mode 100755
index 0000000..84a45ec
--- /dev/null
+++ b/nd/ipr_api_create.sh
@@ -0,0 +1,7 @@
+npm install sequelize-cli>5.2
+npm install pg pg-hstore
+[ -f config/config.json ] || ./node_modules/.bin/sequelize-cli init
+./node_modules/.bin/sequelize-cli db:create
+npm run-script create_migration_record
+./node_modules/.bin/sequelize-cli db:migrate
+npm start
\ No newline at end of file
diff --git a/nd/ipr_api_migrate.sh b/nd/ipr_api_migrate.sh
new file mode 100755
index 0000000..a11e907
--- /dev/null
+++ b/nd/ipr_api_migrate.sh
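Review bot: `export GRAPHKB_DB_DATA=.././databases/orientdb/backup` points at the same host directory as GRAPHKB_DB_BACKUP, yet docker-compose.yml in this commit mounts GRAPHKB_DB_DATA at /orientdb/databases and GRAPHKB_DB_BACKUP at /orientdb/backup, so OrientDB's live databases and its backups would share one directory; the PSQL_DB_DATA/PSQL_DB_BACKUP pair two lines below suggests `.././databases/orientdb/data` was intended. The file also exports `KEYCLOAK_ADMIN_PASS=admin` and `GKB_DBS_PASS=root` as committed values and leaves IPR_POSTGRES_PASSWORD, SERVICE_PASSWORD and IPR_DATABASE_PASSWORD empty; a one-line header, `# local-testing defaults — every password below is a placeholder to be overridden`, would document that scope at the top of the file, where the compose header comment already makes a similar statement.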
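Review bot: `npm install sequelize-cli>5.2` on the first line of ipr_api_create.sh is parsed by the shell as `npm install sequelize-cli` with stdout redirected to a file named `5.2`, so the version constraint is never applied and a stray `5.2` file appears in the working directory; the same line opens ipr_api_migrate.sh in the next hunk. Quoting the spec, `npm install 'sequelize-cli@>5.2'`, fixes both. Neither script has a shebang or `set -e`, so a failed `db:create` or `db:migrate` still falls through to `npm start`; adding `#!/bin/bash` and `set -euo pipefail` at the top of each would stop at the first failing step.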
@@ -0,0 +1,5 @@
+npm install sequelize-cli>5.2
+npm install pg pg-hstore
+[ -f config/config.json ] || ./node_modules/.bin/sequelize-cli init
+./node_modules/.bin/sequelize-cli db:migrate
+npm start
\ No newline at end of file
diff --git a/nd/sequelize_config.json b/nd/sequelize_config.json
new file mode 100644
index 0000000..7e53b5b
--- /dev/null
+++ b/nd/sequelize_config.json
@@ -0,0 +1,23 @@
+{
+ "development": {
+ "username": "ipr_service",
+ "password": "root",
+ "database": "ipr",
+ "host": "ipr_db",
+ "dialect": "postgres"
+ },
+ "test": {
+ "username": "root",
+ "password": null,
+ "database": "database_test",
+ "host": "127.0.0.1",
+ "dialect": "mysql"
+ },
+ "production": {
+ "username": "root",
+ "password": null,
+ "database": "database_production",
+ "host": "127.0.0.1",
+ "dialect": "mysql"
+ }
+}
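Review bot: The `development` block gives ipr_service the password `root`, while docker-compose.yml in this commit sets IPR_DATABASE_PASSWORD to `tiesting` for the same service and env.sh exports it empty — three different values for one credential, and because this file is bind-mounted as /usr/src/app/config/config.json, whichever source the API reads wins without any error. Pick one source of truth and make the others reference it; `"password": "root"` here is the odd one out. The `test` and `production` blocks look like the unedited sequelize-cli template (mysql on 127.0.0.1 as root with a null password), so a start under a non-development NODE_ENV would presumably try a local mysql connection that does not exist in this compose setup; either delete them or align them with the postgres settings so the failure mode is not a puzzling connection error.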