From 2f6fd7c2bcd384ce6f725e32a547620ff56bb6e8 Mon Sep 17 00:00:00 2001 From: Marcel Haag Date: Fri, 12 May 2023 13:29:28 +0200 Subject: [PATCH] feat: Secure MongoDB and add Liquibase to project --- .../tutorial-dialog.component.html | 2 +- security-c4po-api/build.gradle.kts | 5 + .../api/SecurityC4POApplication.kt | 2 + .../mongock/DatabaseChangeLog.kt | 44 + .../src/main/resources/application.properties | 12 +- .../test/resources/collections/comments.json | 42 + .../test/resources/collections/findings.json | 42 + .../test/resources/collections/pentests.json | 102 +- .../test/resources/collections/projects.json | 27 +- .../cfg/old_c4po_realm_export.json | 2009 ----------------- security-c4po-cfg/docker-compose.yml | 8 +- 11 files changed, 268 insertions(+), 2027 deletions(-) create mode 100644 security-c4po-api/src/main/kotlin/com/securityc4po/api/configuration/mongock/DatabaseChangeLog.kt delete mode 100644 security-c4po-cfg/cfg/old_c4po_realm_export.json diff --git a/security-c4po-angular/src/shared/modules/tutorial-dialog/tutorial-dialog.component.html b/security-c4po-angular/src/shared/modules/tutorial-dialog/tutorial-dialog.component.html index 4390faf..8821e18 100644 --- a/security-c4po-angular/src/shared/modules/tutorial-dialog/tutorial-dialog.component.html +++ b/security-c4po-angular/src/shared/modules/tutorial-dialog/tutorial-dialog.component.html @@ -1,6 +1,6 @@ - {{ 'tutorial.header' | translate }} diff --git a/security-c4po-api/build.gradle.kts b/security-c4po-api/build.gradle.kts index b601610..ebe3f5c 100644 --- a/security-c4po-api/build.gradle.kts +++ b/security-c4po-api/build.gradle.kts 
@@ -77,6 +77,11 @@ dependencies { implementation("org.springframework.boot:spring-boot-starter-oauth2-client") implementation("org.modelmapper:modelmapper:2.3.2") + // Mongock + implementation("com.github.cloudyrock.mongock:mongock-bom:4.1.19") + implementation("com.github.cloudyrock.mongock:mongock-spring-v5:4.1.19") + implementation("com.github.cloudyrock.mongock:mongodb-springdata-v3-driver:4.1.19") + api("org.springframework.boot:spring-boot-starter-test") api("org.springframework.security:spring-security-jwt:1.1.1.RELEASE") api("net.logstash.logback:logstash-logback-encoder:6.2") diff --git a/security-c4po-api/src/main/kotlin/com/securityc4po/api/SecurityC4POApplication.kt b/security-c4po-api/src/main/kotlin/com/securityc4po/api/SecurityC4POApplication.kt index 3d8d434..9482e03 100644 --- a/security-c4po-api/src/main/kotlin/com/securityc4po/api/SecurityC4POApplication.kt +++ b/security-c4po-api/src/main/kotlin/com/securityc4po/api/SecurityC4POApplication.kt @@ -1,9 +1,11 @@ package com.securityc4po.api +import com.github.cloudyrock.spring.v5.EnableMongock import org.springframework.boot.autoconfigure.SpringBootApplication import org.springframework.boot.runApplication @SpringBootApplication +@EnableMongock class SecurityC4POApplication fun main(args: Array) { diff --git a/security-c4po-api/src/main/kotlin/com/securityc4po/api/configuration/mongock/DatabaseChangeLog.kt b/security-c4po-api/src/main/kotlin/com/securityc4po/api/configuration/mongock/DatabaseChangeLog.kt new file mode 100644 index 0000000..16497dd --- /dev/null +++ b/security-c4po-api/src/main/kotlin/com/securityc4po/api/configuration/mongock/DatabaseChangeLog.kt 
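Review bot: In the added Mongock block of `build.gradle.kts`, `mongock-bom` is declared as an ordinary `implementation` dependency, but Gradle only applies a BOM's version constraints when it is imported through `platform(...)`. Import it as `implementation(platform("com.github.cloudyrock.mongock:mongock-bom:4.1.19"))`, after which the two Mongock artifacts can drop their explicit `:4.1.19`. As written, the three versions have to be bumped in lockstep by hand, and a partial bump would mix Mongock module versions on the classpath. The `// Mongock` comment could also say what the library is used for here, for example `// Mongock: versioned MongoDB change sets, run at application start`.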
@@ -0,0 +1,44 @@
+package com.securityc4po.api.configuration.mongock
+
+import com.github.cloudyrock.mongock.ChangeLog
+import com.github.cloudyrock.mongock.ChangeSet
+import com.securityc4po.api.project.*
+import java.time.Instant
+import java.util.*
+
+
+@ChangeLog
+class DatabaseChangeLog {
+
+ @ChangeSet(order = "001", id = "seedDatabase", author = "Cel")
+ fun seedDatabase(projectRepository: ProjectRepository): Unit {
+ val projectList: MutableList = mutableListOf()
+ projectList.add(ProjectEntity(createNewProjectData("Juice Shop", "OWASP", "C4PO")))
+ projectRepository.insert(projectList).subscribe()
+ }
+
+ private fun createNewProjectData(titleData: String, clientData: String, testerData: String): Project {
+ return Project(
+ id = UUID.randomUUID().toString(),
+ client = clientData,
+ title = titleData,
+ createdAt = Instant.now().toString(),
+ tester = testerData,
+ summary = "",
+ state = PentestState.NEW,
+ version = "1.0",
+ projectPentests = emptyList(),
+ createdBy = "f8aab31f-4925-4242-a6fa-f98135b4b032"
+ )
+ }
+
+ /**
+ * This method is mandatory even when transactions are enabled.
+ * They are used in the undo operation and any other scenario where transactions are not an option.
+ * However, note that when transactions are avialble and Mongock need to rollback, this method is ignored.
+ */
+/* @RollbackExecution
+ fun rollback() {
+ mongoTemplate.deleteMany(Document())
+ }*/
+}
diff --git a/security-c4po-api/src/main/resources/application.properties b/security-c4po-api/src/main/resources/application.properties
index 33b1cbe..6d1329d 100644
--- a/security-c4po-api/src/main/resources/application.properties
+++ b/security-c4po-api/src/main/resources/application.properties
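Review bot: In `DatabaseChangeLog.seedDatabase`, `projectRepository.insert(projectList).subscribe()` starts the insert without waiting for it or handling its error, so the change set can return, and presumably be recorded as applied, before the seed project is written or after the write has failed. Assuming `ProjectRepository` is a reactive repository (the `.subscribe()` call suggests so), blocking inside the migration is the safer form: `projectRepository.insert(projectList).blockLast()`. The seeded project is also owned by the hard-coded `createdBy = "f8aab31f-4925-4242-a6fa-f98135b4b032"`; a comment naming which identity-provider user that id belongs to would make clear who gets access to the seeded record in each environment. The explicit `: Unit` return type and the commented-out `rollback()` block with its KDoc can be dropped until a rollback is actually implemented.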
@@ -12,8 +12,18 @@ management.endpoint.health.enabled=true management.endpoints.web.exposure.include=info, health, metrics ## Database (MONGODB) Config ## -spring.data.mongodb.database=c4po +spring.data.mongodb.authentication-database=admin +spring.data.mongodb.username=admin +spring.data.mongodb.password=Test1234! spring.data.mongodb.auto-index-creation=true +spring.data.mongodb.database=c4po +spring.data.mongodb.host=localhost +spring.data.mongodb.port=27017 + + +## Mongock Properties ## +mongock.change-logs-scan-package=com.securityc4po.api.mongock + ## IdentityProvider (Keycloak) ## spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:8080/auth/realms/c4po_realm_local diff --git a/security-c4po-api/src/test/resources/collections/comments.json b/security-c4po-api/src/test/resources/collections/comments.json index a7307d4..18470da 100644 --- a/security-c4po-api/src/test/resources/collections/comments.json +++ b/security-c4po-api/src/test/resources/collections/comments.json 
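Review bot: The added `spring.data.mongodb.username=admin` and `spring.data.mongodb.password=Test1234!` commit a database credential to `src/main/resources`, so it ships in every build artifact and stays in the repository history. The API also authenticates against the `admin` authentication database with what appears to be the administrative account rather than a user scoped to `c4po`. Read the values from the environment instead, e.g. `spring.data.mongodb.password=${MONGODB_PASSWORD}` (the variable name is a placeholder), and give the application a dedicated user limited to read/write on its own database. Separately, `mongock.change-logs-scan-package=com.securityc4po.api.mongock` does not match the package of the new `DatabaseChangeLog` (`com.securityc4po.api.configuration.mongock`), so the change log is likely not picked up unless the package is configured elsewhere.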
@@ -54,4 +54,46 @@ "attachments": [] }, "_class": "com.securityc4po.api.pentest.comment.CommentEntity" +},{ + "_id": { + "$oid": "6440085a1f4ed15ba9666309" + }, + "lastModified": { + "$date": "2023-04-19T15:27:22.756Z" + }, + "data": { + "_id": "f4901f6b-6814-450c-8734-7ff1b3eed9b0", + "title": "Deprecated MIME Types", + "description": "When looking through the main.js file of the webserver we can search for \"allowedMimeType\" and get presented with the following:\n- application/pdf\n- application/xml\n- text/xml\n- application/zip\n- application/x-zip-compressed\n- multipart/x-zip\n\nEspecially the upload of xml files can result in a XXE Attack or in a RCE.", + "attachments": [] + }, + "_class": "com.securityc4po.api.pentest.comment.CommentEntity" +},{ + "_id": { + "$oid": "644008e81f4ed15ba966630a" + }, + "lastModified": { + "$date": "2023-04-19T15:29:44.718Z" + }, + "data": { + "_id": "0dd84537-6be7-468f-a4ad-6cf30d8fb7dc", + "title": "Webserver Type", + "description": "When looking at \"Server\" property of the repsonse header we can see that the application is running on a Cowboy HTTP Server.", + "attachments": [] + }, + "_class": "com.securityc4po.api.pentest.comment.CommentEntity" +},{ + "_id": { + "$oid": "645a23e989feac5618c3a83e" + }, + "lastModified": { + "$date": "2023-05-09T10:43:53.712Z" + }, + "data": { + "_id": "eb31f820-0f7b-4b70-98e2-ed8624d56824", + "title": "Juice Shop Application Structure", + "description": "In the frontend the popular Angular framework is used to create a so-called Single Page Application.\nJavaScript is also used in the backend as the exclusive programming language: An Express application hosted in a Node.js server delivers the client-side code to the browser. It also provides the necessary backend functionality to the client via a RESTful API.\nAs an underlying database a light-weight SQLite was chosen, because of its file-based nature. 
Sequelize and finale-rest are used as an abstraction layer from the database.\nAs an additional data store, a MarsDB is part of the OWASP Juice Shop.\nThe application also offers user registration via OAuth 2.0 so users can sign in with their Google accounts.", + "attachments": [] + }, + "_class": "com.securityc4po.api.pentest.comment.CommentEntity" }] \ No newline at end of file diff --git a/security-c4po-api/src/test/resources/collections/findings.json b/security-c4po-api/src/test/resources/collections/findings.json index 524e76a..d96dbcb 100644 --- a/security-c4po-api/src/test/resources/collections/findings.json +++ b/security-c4po-api/src/test/resources/collections/findings.json 
@@ -177,4 +177,46 @@ "attachments": [] }, "_class": "com.securityc4po.api.pentest.finding.FindingEntity" +},{ + "_id": { + "$oid": "6440041a1f4ed15ba9666307" + }, + "lastModified": { + "$date": "2023-04-19T15:48:58.169Z" + }, + "data": { + "_id": "ac45159b-4108-4ec2-b6aa-d3bfc5d597d2", + "severity": "LOW", + "title": "Enumuration of Webserver", + "description": "Running nmap against the Webserver we can find the following information about the installed services.\nInteresting ports on 54.78.134.111:\n- 993/tcp is running imaps\n- 995/tcp is running pop3s\n- 3128/tcp is runnung squid-http\n- 8080/tcp is running http-proxy", + "impact": "Webserver", + "affectedUrls": [ + "https://juice-shop.herokuapp.com/" + ], + "reproduction": "Step 1:\nResolve IP-Address of Webserver (https://juice-shop.herokuapp.com/) through nslookup.\n\nStep 2:\nScan the address that got returned from the DNS via nmap (nmap -sC -sV 54.78.134.111).\n\nStep 3:\nSee what service runs on which port.", + "mitigation": "", + "attachments": [] + }, + "_class": "com.securityc4po.api.pentest.finding.FindingEntity" +},{ + "_id": { + "$oid": "64400afd1f4ed15ba966630c" + }, + "lastModified": { + "$date": "2023-04-19T15:40:06.007Z" + }, + "data": { + "_id": "972b0cee-13e5-4267-ab5c-5b00c9657578", + "severity": "HIGH", + "title": "Admin Useraccount", + "description": "When looking through the application it is possible to find the censored e-mail of an user with an juice-shop mail (***der@juice.sh.op) that can be found on the \"About Us\" page by the customer feedback section. 
\n\nUpon further investigating the product reviews the complete admin e-mail (admin@juice-sh.op) can be found in the review for the Apple Juice.\n\nThis account can now be used by an attacker to try to bruteforce into the account since the username is now known.", + "impact": "Webserver only.", + "affectedUrls": [ + "https://juice-shop.herokuapp.com/#/about" + ], + "reproduction": "Step 1:\nLook at the hompage.\n\nStep 2:\nClick on the \"Apple Juice (1000ml)\" Item.\n\nStep 3:\nOpen the reviews.\n\nYou can now directly see the e-mail of the admin user.", + "mitigation": "Censor important usernames of accounts with high priveldges like seen on the \"About Us\" page by the customer feedback section.", + "attachments": [] + }, + "_class": "com.securityc4po.api.pentest.finding.FindingEntity" }] \ No newline at end of file diff --git a/security-c4po-api/src/test/resources/collections/pentests.json b/security-c4po-api/src/test/resources/collections/pentests.json index 767ba5e..5d4a554 100644 --- a/security-c4po-api/src/test/resources/collections/pentests.json +++ b/security-c4po-api/src/test/resources/collections/pentests.json @@ -3,18 +3,18 @@ "$oid": "6436890ce15faf56402f785c" }, "lastModified": { - "$date": "2023-04-12T12:19:36.316Z" + "$date": "2023-04-19T15:14:54.250Z" }, "data": { "_id": "81c113d1-f2a0-4ce1-a93d-f636ef9b4717", "projectId": "cb4dc4c2-180f-4b82-88bd-9e19629dfb7b", "category": "INFORMATION_GATHERING", "refNumber": "OTG-INFO-001", - "status": "NOT_STARTED", + "status": "PAUSED", "enabled": true, "findingIds": [], "commentIds": [], - "timeSpent": 0 + "timeSpent": 2 }, "_class": "com.securityc4po.api.pentest.PentestEntity" },{ @@ -22,7 +22,7 @@ "$oid": "6436991828fc40394ae5b622" }, "lastModified": { - "$date": "2023-04-12T11:43:44.143Z" + "$date": "2023-04-21T08:39:32.760Z" }, "data": { "_id": "e9b80890-7a44-40da-8c32-f1b4611e25c6", 
@@ -35,7 +35,7 @@ "commentIds": [ "5514f0d3-7c80-4138-bf3e-56b515560f00" ], - "timeSpent": 84 + "timeSpent": 134 }, "_class": "com.securityc4po.api.pentest.PentestEntity" },{ 
@@ -1868,18 +1868,104 @@ "$oid": "6436a2b228fc40394ae5b691" }, "lastModified": { - "$date": "2023-04-12T12:23:14.565Z" + "$date": "2023-04-19T15:29:47.451Z" }, "data": { "_id": "fe3a2361-a23c-4a5d-8702-7b4178be3b8e", "projectId": "cb4dc4c2-180f-4b82-88bd-9e19629dfb7b", "category": "INFORMATION_GATHERING", "refNumber": "OTG-INFO-002", - "status": "NOT_STARTED", + "status": "PAUSED", + "enabled": true, + "findingIds": [], + "commentIds": [ + "0dd84537-6be7-468f-a4ad-6cf30d8fb7dc" + ], + "timeSpent": 52 + }, + "_class": "com.securityc4po.api.pentest.PentestEntity" +},{ + "_id": { + "$oid": "6440021c1f4ed15ba9666306" + }, + "lastModified": { + "$date": "2023-04-19T15:13:01.899Z" + }, + "data": { + "_id": "64b6f349-579a-4a05-b813-b049c7dc9094", + "projectId": "cb4dc4c2-180f-4b82-88bd-9e19629dfb7b", + "category": "INFORMATION_GATHERING", + "refNumber": "OTG-INFO-004", + "status": "COMPLETED", + "enabled": true, + "findingIds": [ + "ac45159b-4108-4ec2-b6aa-d3bfc5d597d2" + ], + "commentIds": [], + "timeSpent": 468 + }, + "_class": "com.securityc4po.api.pentest.PentestEntity" +},{ + "_id": { + "$oid": "644005481f4ed15ba9666308" + }, + "lastModified": { + "$date": "2023-04-19T15:40:19.727Z" + }, + "data": { + "_id": "917a5808-25b3-46fd-8c6b-68f1190479bd", + "projectId": "cb4dc4c2-180f-4b82-88bd-9e19629dfb7b", + "category": "INFORMATION_GATHERING", + "refNumber": "OTG-INFO-003", + "status": "PAUSED", + "enabled": true, + "findingIds": [], + "commentIds": [ + "f4901f6b-6814-450c-8734-7ff1b3eed9b0" + ], + "timeSpent": 280 + }, + "_class": "com.securityc4po.api.pentest.PentestEntity" +},{ + "_id": { + "$oid": "644009311f4ed15ba966630b" + }, + "lastModified": { + "$date": "2023-05-09T10:43:56.757Z" + }, + "data": { + "_id": "1c8e6b39-4916-4d28-8db5-78d6d044ad2f", + "projectId": "cb4dc4c2-180f-4b82-88bd-9e19629dfb7b", + "category": "INFORMATION_GATHERING", + "refNumber": "OTG-INFO-005", + "status": "COMPLETED", + "enabled": true, + "findingIds": [ + 
"972b0cee-13e5-4267-ab5c-5b00c9657578" + ], + "commentIds": [ + "eb31f820-0f7b-4b70-98e2-ed8624d56824" + ], + "timeSpent": 532 + }, + "_class": "com.securityc4po.api.pentest.PentestEntity" +},{ + "_id": { + "$oid": "64465036adb26d55611502c7" + }, + "lastModified": { + "$date": "2023-04-24T09:48:03.569Z" + }, + "data": { + "_id": "67a70db2-1537-4a44-98a6-4ae031015962", + "projectId": "cb4dc4c2-180f-4b82-88bd-9e19629dfb7b", + "category": "INFORMATION_GATHERING", + "refNumber": "OTG-INFO-006", + "status": "PAUSED", "enabled": true, "findingIds": [], "commentIds": [], - "timeSpent": 0 + "timeSpent": 4 }, "_class": "com.securityc4po.api.pentest.PentestEntity" }] \ No newline at end of file diff --git a/security-c4po-api/src/test/resources/collections/projects.json b/security-c4po-api/src/test/resources/collections/projects.json index 908c46e..8f89aa9 100644 --- a/security-c4po-api/src/test/resources/collections/projects.json +++ b/security-c4po-api/src/test/resources/collections/projects.json @@ -3,7 +3,7 @@ "$oid": "64368903e15faf56402f785b" }, "lastModified": { - "$date": "2023-04-12T12:23:14.572Z" + "$date": "2023-05-09T10:43:56.770Z" }, "data": { "_id": "cb4dc4c2-180f-4b82-88bd-9e19629dfb7b", @@ -17,7 +17,7 @@ "projectPentests": [ { "pentestId": "81c113d1-f2a0-4ce1-a93d-f636ef9b4717", - "status": "NOT_STARTED" + "status": "PAUSED" }, { "pentestId": "90a14259-2bf7-418a-babc-10015be84369", @@ -53,7 +53,23 @@ }, { "pentestId": "fe3a2361-a23c-4a5d-8702-7b4178be3b8e", - "status": "NOT_STARTED" + "status": "PAUSED" + }, + { + "pentestId": "64b6f349-579a-4a05-b813-b049c7dc9094", + "status": "COMPLETED" + }, + { + "pentestId": "917a5808-25b3-46fd-8c6b-68f1190479bd", + "status": "PAUSED" + }, + { + "pentestId": "1c8e6b39-4916-4d28-8db5-78d6d044ad2f", + "status": "COMPLETED" + }, + { + "pentestId": "67a70db2-1537-4a44-98a6-4ae031015962", + "status": "PAUSED" } ], "createdBy": "2b4615ec-2f58-4d6a-8543-0c764d64455a" 
@@ -83,15 +99,14 @@ "$oid": "64369b7a28fc40394ae5b62f" }, "lastModified": { - "$date": "2023-04-12T12:12:21.434Z" + "$date": "2023-04-12T13:18:12.868Z" }, "data": { "_id": "953b91b8-6cc8-4cbb-97eb-dfdadf69d217", "client": "Dio Stonemask Inc.", - "title": "loq4il bizarre adventure", + "title": "log4jj bizarre adventure", "createdAt": "2023-04-12T11:52:26.624663Z", "tester": "Jojo", - "summary": "Dio Stonemask Inc. contracted Jojo to perform a Penetration Test to identify security weaknesses,\ndetermine the impact to Dio Stonemask Inc., document all findings in a clear and repeatable manner,\nand provide remediation recommendations.", "state": "INFORMATIVE", "version": "1.0", "projectPentests": [ diff --git a/security-c4po-cfg/cfg/old_c4po_realm_export.json b/security-c4po-cfg/cfg/old_c4po_realm_export.json deleted file mode 100644 index d076986..0000000 --- a/security-c4po-cfg/cfg/old_c4po_realm_export.json +++ /dev/null @@ -1,2009 +0,0 @@ -{ - "id" : "c4po_realm_local", - "realm" : "c4po_realm_local", - "displayName" : "C4PO", - "displayNameHtml" : "
C4PO
", - "notBefore" : 0, - "defaultSignatureAlgorithm" : "RS256", - "revokeRefreshToken" : false, - "refreshTokenMaxReuse" : 0, - "accessTokenLifespan" : 18000, - "accessTokenLifespanForImplicitFlow" : 900, - "ssoSessionIdleTimeout" : 28800, - "ssoSessionMaxLifespan" : 604800, - "ssoSessionIdleTimeoutRememberMe" : 0, - "ssoSessionMaxLifespanRememberMe" : 0, - "offlineSessionIdleTimeout" : 2592000, - "offlineSessionMaxLifespanEnabled" : false, - "offlineSessionMaxLifespan" : 5184000, - "clientSessionIdleTimeout" : 0, - "clientSessionMaxLifespan" : 0, - "clientOfflineSessionIdleTimeout" : 0, - "clientOfflineSessionMaxLifespan" : 0, - "accessCodeLifespan" : 60, - "accessCodeLifespanUserAction" : 300, - "accessCodeLifespanLogin" : 28800, - "actionTokenGeneratedByAdminLifespan" : 43200, - "actionTokenGeneratedByUserLifespan" : 300, - "oauth2DeviceCodeLifespan" : 600, - "oauth2DevicePollingInterval" : 5, - "enabled" : true, - "sslRequired" : "external", - "registrationAllowed" : false, - "registrationEmailAsUsername" : false, - "rememberMe" : true, - "verifyEmail" : false, - "loginWithEmailAllowed" : true, - "duplicateEmailsAllowed" : false, - "resetPasswordAllowed" : true, - "editUsernameAllowed" : false, - "bruteForceProtected" : false, - "permanentLockout" : false, - "maxFailureWaitSeconds" : 900, - "minimumQuickLoginWaitSeconds" : 60, - "waitIncrementSeconds" : 60, - "quickLoginCheckMilliSeconds" : 1000, - "maxDeltaTimeSeconds" : 43200, - "failureFactor" : 30, - "roles" : { - "realm" : [ { - "id" : "2faaa7e1-01d0-480d-b397-66155bf8a950", - "name" : "uma_authorization", - "description" : "${role_uma_authorization}", - "composite" : false, - "clientRole" : false, - "containerId" : "c4po_realm_local", - "attributes" : { } - }, { - "id" : "14eac93b-242a-4058-ba97-cf1f05a1e2ca", - "name" : "c4po_user", - "description" : "This is a normal user role", - "composite" : false, - "clientRole" : false, - "containerId" : "c4po_realm_local", - "attributes" : { } - }, { - "id" : 
"9b6774c4-335d-44fb-82ba-d6e18dde814d", - "name" : "offline_access", - "description" : "${role_offline-access}", - "composite" : false, - "clientRole" : false, - "containerId" : "c4po_realm_local", - "attributes" : { } - }, { - "id" : "3dc67a08-dc0a-4bb1-8808-b49bbf4611b0", - "name" : "c4po_admin", - "description" : "This is an admin role", - "composite" : true, - "composites" : { - "realm" : [ "offline_access", "uma_authorization" ] - }, - "clientRole" : false, - "containerId" : "c4po_realm_local", - "attributes" : { } - }, { - "id" : "da9911ce-ab0d-4a99-b73a-0ed6ca0406a7", - "name" : "default-roles-c4po_realm_local", - "description" : "${role_default-roles}", - "composite" : true, - "composites" : { - "realm" : [ "offline_access", "uma_authorization" ], - "client" : { - "account" : [ "view-profile", "manage-account" ] - } - }, - "clientRole" : false, - "containerId" : "c4po_realm_local", - "attributes" : { } - } ], - "client" : { - "realm-management" : [ { - "id" : "72960cc0-cb99-4759-b342-7096bcd3c92a", - "name" : "create-client", - "description" : "${role_create-client}", - "composite" : false, - "clientRole" : true, - "containerId" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", - "attributes" : { } - }, { - "id" : "c90d908c-7e17-4ada-9f3b-aa623e449ef1", - "name" : "manage-clients", - "description" : "${role_manage-clients}", - "composite" : false, - "clientRole" : true, - "containerId" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", - "attributes" : { } - }, { - "id" : "dc9e7c69-4ed1-403d-ac42-55c507f3be40", - "name" : "manage-realm", - "description" : "${role_manage-realm}", - "composite" : false, - "clientRole" : true, - "containerId" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", - "attributes" : { } - }, { - "id" : "82f7b76d-b528-4fd5-aa9f-d89f1df9e1e1", - "name" : "impersonation", - "description" : "${role_impersonation}", - "composite" : false, - "clientRole" : true, - "containerId" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", - "attributes" : { } - }, { - "id" : 
"3e152bff-b1b3-491e-8b41-5824f417357e", - "name" : "query-groups", - "description" : "${role_query-groups}", - "composite" : false, - "clientRole" : true, - "containerId" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", - "attributes" : { } - }, { - "id" : "fa7c22da-a9ef-4895-ae56-57403f279631", - "name" : "view-authorization", - "description" : "${role_view-authorization}", - "composite" : false, - "clientRole" : true, - "containerId" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", - "attributes" : { } - }, { - "id" : "d0610310-b6e1-46cc-90e3-64a9948f1e1d", - "name" : "view-clients", - "description" : "${role_view-clients}", - "composite" : true, - "composites" : { - "client" : { - "realm-management" : [ "query-clients" ] - } - }, - "clientRole" : true, - "containerId" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", - "attributes" : { } - }, { - "id" : "c8fb89bc-00a8-4d6b-bb5c-d13cba12840d", - "name" : "manage-identity-providers", - "description" : "${role_manage-identity-providers}", - "composite" : false, - "clientRole" : true, - "containerId" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", - "attributes" : { } - }, { - "id" : "f36d5b71-6f9e-433e-a549-5f8dab3fa39d", - "name" : "query-realms", - "description" : "${role_query-realms}", - "composite" : false, - "clientRole" : true, - "containerId" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", - "attributes" : { } - }, { - "id" : "84338fd5-5a70-4c6a-b580-adb7416cb8b6", - "name" : "view-events", - "description" : "${role_view-events}", - "composite" : false, - "clientRole" : true, - "containerId" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", - "attributes" : { } - }, { - "id" : "d10b3abb-4120-4d28-a3a5-2bc2600502a6", - "name" : "view-realm", - "description" : "${role_view-realm}", - "composite" : false, - "clientRole" : true, - "containerId" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", - "attributes" : { } - }, { - "id" : "96a21ada-31a8-4d6a-9e26-f7551ca6ec3b", - "name" : "query-clients", - "description" : "${role_query-clients}", - "composite" : 
false, - "clientRole" : true, - "containerId" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", - "attributes" : { } - }, { - "id" : "26f88bad-f69b-464f-89f1-43b987589173", - "name" : "manage-authorization", - "description" : "${role_manage-authorization}", - "composite" : false, - "clientRole" : true, - "containerId" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", - "attributes" : { } - }, { - "id" : "7fcf212c-4371-48be-a75a-ec93830c4f8b", - "name" : "manage-users", - "description" : "${role_manage-users}", - "composite" : false, - "clientRole" : true, - "containerId" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", - "attributes" : { } - }, { - "id" : "13ff84e3-fef2-4c52-a30b-89602dd22457", - "name" : "query-users", - "description" : "${role_query-users}", - "composite" : false, - "clientRole" : true, - "containerId" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", - "attributes" : { } - }, { - "id" : "24928355-a003-4dc5-8272-71f32c3982e5", - "name" : "manage-events", - "description" : "${role_manage-events}", - "composite" : false, - "clientRole" : true, - "containerId" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", - "attributes" : { } - }, { - "id" : "60932726-3a3b-44f0-b668-b1ec55946404", - "name" : "view-users", - "description" : "${role_view-users}", - "composite" : true, - "composites" : { - "client" : { - "realm-management" : [ "query-users", "query-groups" ] - } - }, - "clientRole" : true, - "containerId" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", - "attributes" : { } - }, { - "id" : "18447ab5-84fc-4dc5-8f1b-ac39bfbd72a6", - "name" : "realm-admin", - "description" : "${role_realm-admin}", - "composite" : true, - "composites" : { - "client" : { - "realm-management" : [ "create-client", "manage-clients", "manage-realm", "query-groups", "impersonation", "view-authorization", "view-clients", "manage-identity-providers", "view-events", "query-realms", "view-realm", "query-clients", "query-users", "manage-authorization", "manage-users", "manage-events", "view-users", "view-identity-providers" 
] - } - }, - "clientRole" : true, - "containerId" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", - "attributes" : { } - }, { - "id" : "ca1a9e13-0f97-4c69-a37a-0edc9a822485", - "name" : "view-identity-providers", - "description" : "${role_view-identity-providers}", - "composite" : false, - "clientRole" : true, - "containerId" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", - "attributes" : { } - } ], - "security-admin-console" : [ ], - "admin-cli" : [ ], - "c4po_local" : [ { - "id" : "e26a27e7-1648-491b-832a-8bf751d378bb", - "name" : "user", - "composite" : false, - "clientRole" : true, - "containerId" : "6cbc559d-073e-40d7-8b73-b2dcdc438461", - "attributes" : { } - } ], - "security-c4po-api" : [ ], - "account-console" : [ ], - "broker" : [ { - "id" : "ef655eb1-164c-49e3-be85-510395bfd7d9", - "name" : "read-token", - "description" : "${role_read-token}", - "composite" : false, - "clientRole" : true, - "containerId" : "f90fb534-a4bf-4e08-b0d3-8a5552eb5a12", - "attributes" : { } - } ], - "security-c4po-angular" : [ ], - "account" : [ { - "id" : "1d2d7350-47be-4131-b634-297b59731ccf", - "name" : "view-profile", - "description" : "${role_view-profile}", - "composite" : false, - "clientRole" : true, - "containerId" : "a7f62881-aa9e-4565-afeb-1d6305d3c56e", - "attributes" : { } - }, { - "id" : "14139dff-c524-4efd-84a1-9fbb3e8bafae", - "name" : "manage-account", - "description" : "${role_manage-account}", - "composite" : true, - "composites" : { - "client" : { - "account" : [ "manage-account-links" ] - } - }, - "clientRole" : true, - "containerId" : "a7f62881-aa9e-4565-afeb-1d6305d3c56e", - "attributes" : { } - }, { - "id" : "00ba6e25-3731-4363-9c07-3712aedf1ea8", - "name" : "view-groups", - "description" : "${role_view-groups}", - "composite" : false, - "clientRole" : true, - "containerId" : "a7f62881-aa9e-4565-afeb-1d6305d3c56e", - "attributes" : { } - }, { - "id" : "e772178b-5083-406b-84b5-e900a19f1a49", - "name" : "delete-account", - "description" : "${role_delete-account}", - 
"composite" : false, - "clientRole" : true, - "containerId" : "a7f62881-aa9e-4565-afeb-1d6305d3c56e", - "attributes" : { } - }, { - "id" : "f590afe8-3e54-491d-97b1-e29f56b22df3", - "name" : "manage-account-links", - "description" : "${role_manage-account-links}", - "composite" : false, - "clientRole" : true, - "containerId" : "a7f62881-aa9e-4565-afeb-1d6305d3c56e", - "attributes" : { } - }, { - "id" : "897b62b3-c4d8-4998-9536-9c2d59bd2896", - "name" : "manage-consent", - "description" : "${role_manage-consent}", - "composite" : true, - "composites" : { - "client" : { - "account" : [ "view-consent" ] - } - }, - "clientRole" : true, - "containerId" : "a7f62881-aa9e-4565-afeb-1d6305d3c56e", - "attributes" : { } - }, { - "id" : "34488e12-5873-490b-a25b-986e62a21caa", - "name" : "view-consent", - "description" : "${role_view-consent}", - "composite" : false, - "clientRole" : true, - "containerId" : "a7f62881-aa9e-4565-afeb-1d6305d3c56e", - "attributes" : { } - }, { - "id" : "18770e33-50c1-4bb8-960d-d8acd163f5ab", - "name" : "view-applications", - "description" : "${role_view-applications}", - "composite" : false, - "clientRole" : true, - "containerId" : "a7f62881-aa9e-4565-afeb-1d6305d3c56e", - "attributes" : { } - } ] - } - }, - "groups" : [ ], - "defaultRole" : { - "id" : "da9911ce-ab0d-4a99-b73a-0ed6ca0406a7", - "name" : "default-roles-c4po_realm_local", - "description" : "${role_default-roles}", - "composite" : true, - "clientRole" : false, - "containerId" : "c4po_realm_local" - }, - "requiredCredentials" : [ "password" ], - "otpPolicyType" : "totp", - "otpPolicyAlgorithm" : "HmacSHA1", - "otpPolicyInitialCounter" : 0, - "otpPolicyDigits" : 6, - "otpPolicyLookAheadWindow" : 1, - "otpPolicyPeriod" : 30, - "otpPolicyCodeReusable" : false, - "otpSupportedApplications" : [ "totpAppGoogleName", "totpAppFreeOTPName" ], - "webAuthnPolicyRpEntityName" : "keycloak", - "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], - "webAuthnPolicyRpId" : "", - 
"webAuthnPolicyAttestationConveyancePreference" : "not specified", - "webAuthnPolicyAuthenticatorAttachment" : "not specified", - "webAuthnPolicyRequireResidentKey" : "not specified", - "webAuthnPolicyUserVerificationRequirement" : "not specified", - "webAuthnPolicyCreateTimeout" : 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, - "webAuthnPolicyAcceptableAaguids" : [ ], - "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], - "webAuthnPolicyPasswordlessRpId" : "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", - "webAuthnPolicyPasswordlessCreateTimeout" : 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, - "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], - "users" : [ { - "id" : "7fd27f3e-2102-4531-ad77-2423d42568e7", - "createdTimestamp" : 1682073378356, - "username" : "admin", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "admin", - "lastName" : "admin", - "credentials" : [ { - "id" : "095476b7-53a3-4528-85bd-4e45bebd1155", - "type" : "password", - "userLabel" : "My password", - "createdDate" : 1682073413281, - "secretData" : "{\"value\":\"2ZAR9LLxAcwOezklS872x9jSq8d4oGulf45PkPNs5KroeI22UCdDdIsAafy++JpQgXwBl+5Co82gOclWR3fldA==\",\"salt\":\"tAfgELoKjIq6/grj0epu7A==\",\"additionalParameters\":{}}", - "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" - } ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "realmRoles" : [ "c4po_admin", "default-roles-c4po_realm_local" ], - "notBefore" : 0, - "groups" : [ ] - }, { - "id" : "16a52c3d-998b-4f2d-badb-1f369d95a690", - "createdTimestamp" : 1682073624527, - 
"username" : "c4po", - "enabled" : true, - "totp" : false, - "emailVerified" : false, - "firstName" : "Elliot", - "lastName" : "Alderson", - "attributes" : { - "locale" : [ "en" ] - }, - "credentials" : [ { - "id" : "028e1f11-50c1-4b28-a521-b80469aa1ae0", - "type" : "password", - "userLabel" : "My password", - "createdDate" : 1682073686387, - "secretData" : "{\"value\":\"M/Sb4JgRZ0TSR49GI+Xh+QMhX3iAK84G6xfF5tCCz3z4bneEtyuggOn/HcNOfwSpxj1qetci5017gcjOYqc1+g==\",\"salt\":\"jvPAa8JX8WIwgPHsJVL2QQ==\",\"additionalParameters\":{}}", - "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" - } ], - "disableableCredentialTypes" : [ ], - "requiredActions" : [ ], - "realmRoles" : [ "c4po_user", "default-roles-c4po_realm_local" ], - "notBefore" : 0, - "groups" : [ ] - } ], - "scopeMappings" : [ { - "clientScope" : "offline_access", - "roles" : [ "offline_access" ] - } ], - "clientScopeMappings" : { - "account" : [ { - "client" : "account-console", - "roles" : [ "manage-account", "view-groups" ] - } ] - }, - "clients" : [ { - "id" : "a7f62881-aa9e-4565-afeb-1d6305d3c56e", - "clientId" : "account", - "name" : "${client_account}", - "rootUrl" : "${authBaseUrl}", - "baseUrl" : "/realms/c4po_realm_local/account/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "**********", - "redirectUris" : [ "/realms/c4po_realm_local/account/*" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "post.logout.redirect.uris" : "+" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - 
"defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "da51d616-1ca6-4434-a16d-b543d2a4e4c0", - "clientId" : "account-console", - "name" : "${client_account-console}", - "rootUrl" : "${authBaseUrl}", - "baseUrl" : "/realms/c4po_realm_local/account/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "**********", - "redirectUris" : [ "/realms/c4po_realm_local/account/*" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "post.logout.redirect.uris" : "+", - "pkce.code.challenge.method" : "S256" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { - "id" : "0c5a81d7-f454-4793-b4e4-60c924b73533", - "name" : "audience resolve", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-audience-resolve-mapper", - "consentRequired" : false, - "config" : { } - } ], - "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "63cb2215-d2f1-4229-96fc-82fb843e283a", - "clientId" : "admin-cli", - "name" : "${client_admin-cli}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "**********", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : false, - "implicitFlowEnabled" 
: false, - "directAccessGrantsEnabled" : true, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "post.logout.redirect.uris" : "+" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "f90fb534-a4bf-4e08-b0d3-8a5552eb5a12", - "clientId" : "broker", - "name" : "${client_broker}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "**********", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "post.logout.redirect.uris" : "+" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "6cbc559d-073e-40d7-8b73-b2dcdc438461", - "clientId" : "c4po_local", - "name" : "", - "description" : "", - "rootUrl" : "", - "adminUrl" : "", - "baseUrl" : "", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "http://localhost:4200/*" ], - "webOrigins" : [ "*" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - 
"directAccessGrantsEnabled" : true, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "saml.assertion.signature" : "false", - "saml.force.post.binding" : "false", - "saml.multivalued.roles" : "false", - "saml.encrypt" : "false", - "frontchannel.logout.url" : "/logout", - "post.logout.redirect.uris" : "*", - "oauth2.device.authorization.grant.enabled" : "false", - "saml.server.signature" : "false", - "backchannel.logout.revoke.offline.tokens" : "false", - "saml.server.signature.keyinfo.ext" : "false", - "exclude.session.state.from.auth.response" : "false", - "oidc.ciba.grant.enabled" : "false", - "backchannel.logout.session.required" : "true", - "saml_force_name_id_format" : "false", - "saml.client.signature" : "false", - "tls.client.certificate.bound.access.tokens" : "false", - "saml.authnstatement" : "false", - "display.on.consent.screen" : "false", - "saml.onetimeuse.condition" : "false" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", - "clientId" : "realm-management", - "name" : "${client_realm-management}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "**********", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : true, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "post.logout.redirect.uris" : "+" - }, - 
"authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "7e165a51-6cb8-43cf-a4fe-1d0ad513586b", - "clientId" : "security-admin-console", - "name" : "${client_security-admin-console}", - "rootUrl" : "${authAdminUrl}", - "baseUrl" : "/admin/c4po_realm_local/console/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "**********", - "redirectUris" : [ "/admin/c4po_realm_local/console/*" ], - "webOrigins" : [ "+" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "post.logout.redirect.uris" : "+", - "pkce.code.challenge.method" : "S256" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { - "id" : "4fd1eab6-f53b-4d37-b65c-bea9845b3e9f", - "name" : "locale", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "locale", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "locale", - "jsonType.label" : "String" - } - } ], - "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "7f731c1c-4fd8-470a-a995-b242fc5b550d", - "clientId" : "security-c4po-angular", - "name" : "", - "description" : "", - "rootUrl" : 
"", - "adminUrl" : "", - "baseUrl" : "http://localhost:4200/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "482621c2-e0fe-43b9-bb62-7469158e1966", - "redirectUris" : [ "http://localhost:4200/*" ], - "webOrigins" : [ "*" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : true, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "saml.assertion.signature" : "false", - "saml.force.post.binding" : "false", - "saml.multivalued.roles" : "false", - "saml.encrypt" : "false", - "post.logout.redirect.uris" : "*", - "oauth2.device.authorization.grant.enabled" : "false", - "saml.server.signature" : "false", - "backchannel.logout.revoke.offline.tokens" : "false", - "saml.server.signature.keyinfo.ext" : "false", - "exclude.session.state.from.auth.response" : "false", - "oidc.ciba.grant.enabled" : "false", - "backchannel.logout.session.required" : "true", - "saml_force_name_id_format" : "false", - "saml.client.signature" : "false", - "tls.client.certificate.bound.access.tokens" : "false", - "saml.authnstatement" : "false", - "display.on.consent.screen" : "false", - "saml.onetimeuse.condition" : "false" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "8badc11a-50e4-44ae-a292-47e3759fcaeb", - "clientId" : "security-c4po-api", - "name" : "", - "description" : "", - "rootUrl" : "", - "adminUrl" : "", - "baseUrl" : "http://localhost:8443/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : 
false, - "clientAuthenticatorType" : "client-secret", - "secret" : "0aef07ba-d8b4-405d-9dcb-f3743f966856", - "redirectUris" : [ "http://localhost:8443/*" ], - "webOrigins" : [ "*" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : true, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "saml.assertion.signature" : "false", - "saml.force.post.binding" : "false", - "saml.multivalued.roles" : "false", - "saml.encrypt" : "false", - "post.logout.redirect.uris" : "*", - "oauth2.device.authorization.grant.enabled" : "false", - "saml.server.signature" : "false", - "backchannel.logout.revoke.offline.tokens" : "false", - "saml.server.signature.keyinfo.ext" : "false", - "exclude.session.state.from.auth.response" : "false", - "oidc.ciba.grant.enabled" : "false", - "backchannel.logout.session.required" : "true", - "saml_force_name_id_format" : "false", - "saml.client.signature" : "false", - "tls.client.certificate.bound.access.tokens" : "false", - "saml.authnstatement" : "false", - "display.on.consent.screen" : "false", - "saml.onetimeuse.condition" : "false" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - } ], - "clientScopes" : [ { - "id" : "4b171f57-736a-41b4-b67b-585bac1d8d24", - "name" : "role_list", - "description" : "SAML role list", - "protocol" : "saml", - "attributes" : { - "consent.screen.text" : "${samlRoleListScopeConsentText}", - "display.on.consent.screen" : "true" - }, - "protocolMappers" : [ { - "id" : "2b161cf6-2c63-45e8-a698-48f7297cc303", - "name" : "role list", - "protocol" : "saml", - "protocolMapper" : 
"saml-role-list-mapper", - "consentRequired" : false, - "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" - } - } ] - }, { - "id" : "8d428e56-80df-4505-8e1a-26537e793b31", - "name" : "offline_access", - "description" : "OpenID Connect built-in scope: offline_access", - "protocol" : "openid-connect", - "attributes" : { - "consent.screen.text" : "${offlineAccessScopeConsentText}", - "display.on.consent.screen" : "true" - } - }, { - "id" : "ac7d05f9-d505-42e9-9b7c-1984b31e653d", - "name" : "profile", - "description" : "OpenID Connect built-in scope: profile", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${profileScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "2be3fbed-d2c8-46eb-94e0-b2efdf20ad60", - "name" : "middle name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "middleName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "middle_name", - "jsonType.label" : "String" - } - }, { - "id" : "d3465101-1321-43a7-8f65-8b782c390297", - "name" : "website", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "website", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "website", - "jsonType.label" : "String" - } - }, { - "id" : "68391807-41ec-4ce2-877d-3a808bb1bbe4", - "name" : "locale", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "locale", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "locale", 
- "jsonType.label" : "String" - } - }, { - "id" : "d8d837e5-e1f8-45af-96b0-7c5607780e0b", - "name" : "nickname", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "nickname", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "nickname", - "jsonType.label" : "String" - } - }, { - "id" : "0667458d-83c3-4cd1-b60a-436a3bb42d2e", - "name" : "birthdate", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "birthdate", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "birthdate", - "jsonType.label" : "String" - } - }, { - "id" : "e8cd5b57-ee69-46eb-afd7-71cc68ca5384", - "name" : "full name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-full-name-mapper", - "consentRequired" : false, - "config" : { - "id.token.claim" : "true", - "access.token.claim" : "true", - "userinfo.token.claim" : "true" - } - }, { - "id" : "643f5ffd-4c38-4228-808d-2fd9f2a075ba", - "name" : "family name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "lastName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "family_name", - "jsonType.label" : "String" - } - }, { - "id" : "b41a9738-9529-47f8-bd90-461c072212af", - "name" : "username", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "preferred_username", - "jsonType.label" : "String" - } - }, { - "id" : 
"29c5817f-6101-48ff-a1e5-dbb23e3b0534", - "name" : "profile", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "profile", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "profile", - "jsonType.label" : "String" - } - }, { - "id" : "a4a193ec-25bb-4457-8287-ca2abaff5940", - "name" : "zoneinfo", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "zoneinfo", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "zoneinfo", - "jsonType.label" : "String" - } - }, { - "id" : "3c132112-0285-4ef4-9317-2d94c58c9bc6", - "name" : "picture", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "picture", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "picture", - "jsonType.label" : "String" - } - }, { - "id" : "7bbf2f74-db95-47f1-8736-8b0864a01d5a", - "name" : "gender", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "gender", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "gender", - "jsonType.label" : "String" - } - }, { - "id" : "7f92e589-d307-4574-bf84-0f34bdbef9f3", - "name" : "updated at", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "updatedAt", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "updated_at", - "jsonType.label" : "String" - 
} - }, { - "id" : "efe55944-ab38-4fe2-9452-8499f9d52e80", - "name" : "given name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "firstName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "given_name", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "faf5c077-e43d-4433-9f5d-ddfc10f31385", - "name" : "phone", - "description" : "OpenID Connect built-in scope: phone", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${phoneScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "57383851-63a0-4599-8074-ecaddfbf5164", - "name" : "phone number verified", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "phoneNumberVerified", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "phone_number_verified", - "jsonType.label" : "boolean" - } - }, { - "id" : "8992684a-ea4f-490c-8cd4-6af77ab77b64", - "name" : "phone number", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "phoneNumber", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "phone_number", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "21ac5f31-d742-40c7-89a1-cd7f35036450", - "name" : "roles", - "description" : "OpenID Connect scope for add user roles to the access token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${rolesScopeConsentText}" - }, - "protocolMappers" : [ { - "id" 
: "c9ab2a7d-062d-419f-90d4-7682c854857e", - "name" : "realm roles", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-realm-role-mapper", - "consentRequired" : false, - "config" : { - "user.attribute" : "foo", - "access.token.claim" : "true", - "claim.name" : "realm_access.roles", - "jsonType.label" : "String", - "multivalued" : "true" - } - }, { - "id" : "46b6c2ed-6b50-4205-a7c2-d2fd2c93353c", - "name" : "client roles", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-client-role-mapper", - "consentRequired" : false, - "config" : { - "user.attribute" : "foo", - "access.token.claim" : "true", - "claim.name" : "resource_access.${client_id}.roles", - "jsonType.label" : "String", - "multivalued" : "true" - } - }, { - "id" : "60e36e8d-7456-4581-9c35-068942b61a40", - "name" : "audience resolve", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-audience-resolve-mapper", - "consentRequired" : false, - "config" : { } - } ] - }, { - "id" : "b18623a4-3595-4993-b2bd-79e94778d28b", - "name" : "microprofile-jwt", - "description" : "Microprofile - JWT built-in scope", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "false" - }, - "protocolMappers" : [ { - "id" : "a59540b9-81a8-4ca8-b0ff-bff6ceb049c2", - "name" : "upn", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "upn", - "jsonType.label" : "String" - } - }, { - "id" : "0eee48de-8c6f-4167-8958-fb4d3ef973cc", - "name" : "groups", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-realm-role-mapper", - "consentRequired" : false, - "config" : { - "multivalued" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "foo", - "id.token.claim" : "true", 
- "access.token.claim" : "true", - "claim.name" : "groups", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "412cfb80-d33e-44da-a0e2-b0bde0423c00", - "name" : "address", - "description" : "OpenID Connect built-in scope: address", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${addressScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "261a490f-073d-4975-af5b-e2d9e21ea768", - "name" : "address", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-address-mapper", - "consentRequired" : false, - "config" : { - "user.attribute.formatted" : "formatted", - "user.attribute.country" : "country", - "user.attribute.postal_code" : "postal_code", - "userinfo.token.claim" : "true", - "user.attribute.street" : "street", - "id.token.claim" : "true", - "user.attribute.region" : "region", - "access.token.claim" : "true", - "user.attribute.locality" : "locality" - } - } ] - }, { - "id" : "cd5f153a-ff23-43d5-81a0-6c8dc6f39a4e", - "name" : "web-origins", - "description" : "OpenID Connect scope for add allowed web origins to the access token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "false", - "consent.screen.text" : "" - }, - "protocolMappers" : [ { - "id" : "9a8031f8-997b-4899-ba60-05868f8e4b18", - "name" : "allowed web origins", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-allowed-origins-mapper", - "consentRequired" : false, - "config" : { } - } ] - }, { - "id" : "aeab50c1-fd64-4f14-83d9-2c545a23f77c", - "name" : "acr", - "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "false" - }, - "protocolMappers" : [ { - "id" : "a70e5d7f-734e-4838-96a1-67cd713f3c9e", - "name" : "acr loa 
level", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-acr-mapper", - "consentRequired" : false, - "config" : { - "id.token.claim" : "true", - "access.token.claim" : "true", - "userinfo.token.claim" : "true" - } - } ] - }, { - "id" : "32f1098d-79a9-4da4-a94a-c873fcc0f6e1", - "name" : "email", - "description" : "OpenID Connect built-in scope: email", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${emailScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "92afef33-2843-40bc-aba1-58d462fa81cc", - "name" : "email verified", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "emailVerified", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email_verified", - "jsonType.label" : "boolean" - } - }, { - "id" : "4b4d33d1-ed47-40db-a05f-4253c25dbbff", - "name" : "email", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "email", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email", - "jsonType.label" : "String" - } - } ] - } ], - "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins", "acr" ], - "defaultOptionalClientScopes" : [ "offline_access", "address", "phone", "microprofile-jwt" ], - "browserSecurityHeaders" : { - "contentSecurityPolicyReportOnly" : "", - "xContentTypeOptions" : "nosniff", - "xRobotsTag" : "none", - "xFrameOptions" : "SAMEORIGIN", - "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection" : "1; mode=block", - "strictTransportSecurity" : "max-age=31536000; includeSubDomains" - }, - "smtpServer" : { }, - 
"eventsEnabled" : false, - "eventsListeners" : [ "jboss-logging" ], - "enabledEventTypes" : [ ], - "adminEventsEnabled" : false, - "adminEventsDetailsEnabled" : false, - "identityProviders" : [ ], - "identityProviderMappers" : [ ], - "components" : { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { - "id" : "56f53138-a448-42f5-ba77-b026b1b179d0", - "name" : "Allowed Client Scopes", - "providerId" : "allowed-client-templates", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "allow-default-scopes" : [ "true" ] - } - }, { - "id" : "46301b5f-58b3-48f2-8844-e82f1b5b5ad3", - "name" : "Max Clients Limit", - "providerId" : "max-clients", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "max-clients" : [ "200" ] - } - }, { - "id" : "898437e1-5717-4010-9306-6c3582ca5b09", - "name" : "Allowed Protocol Mapper Types", - "providerId" : "allowed-protocol-mappers", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "allowed-protocol-mapper-types" : [ "oidc-sha256-pairwise-sub-mapper", "oidc-full-name-mapper", "oidc-usermodel-property-mapper", "oidc-address-mapper", "oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper", "saml-role-list-mapper", "saml-user-property-mapper" ] - } - }, { - "id" : "cc2d0cd7-3d3f-4b0a-ad95-7118f36bf188", - "name" : "Full Scope Disabled", - "providerId" : "scope", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { } - }, { - "id" : "e1ded6a4-e0af-4c3a-bc5d-a142701302c4", - "name" : "Consent Required", - "providerId" : "consent-required", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { } - }, { - "id" : "12513189-c247-4869-8a24-ba7f694e8668", - "name" : "Allowed Client Scopes", - "providerId" : "allowed-client-templates", - "subType" : "authenticated", - "subComponents" : { }, - "config" : { - "allow-default-scopes" : [ "true" ] - } - }, { - "id" : "7511759b-c33d-4bb4-bd46-724599ea2efb", - "name" : "Allowed Protocol 
Mapper Types", - "providerId" : "allowed-protocol-mappers", - "subType" : "authenticated", - "subComponents" : { }, - "config" : { - "allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-full-name-mapper", "saml-user-attribute-mapper", "oidc-address-mapper", "saml-role-list-mapper" ] - } - }, { - "id" : "92230e65-7480-44c3-af2d-72ddee758cbc", - "name" : "Trusted Hosts", - "providerId" : "trusted-hosts", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "host-sending-registration-request-must-match" : [ "true" ], - "client-uris-must-match" : [ "true" ] - } - } ], - "org.keycloak.userprofile.UserProfileProvider" : [ { - "id" : "d3115ef0-4137-41c5-9e7f-35ace4f7b43e", - "providerId" : "declarative-user-profile", - "subComponents" : { }, - "config" : { } - } ], - "org.keycloak.keys.KeyProvider" : [ { - "id" : "ea025a18-d77a-4bbc-8e3a-c6b55ccf4b3f", - "name" : "hmac-generated", - "providerId" : "hmac-generated", - "subComponents" : { }, - "config" : { - "kid" : [ "ddd6d915-c898-4e32-b9de-f1469a2dfb6a" ], - "secret" : [ "GegBlWTwur6eFVW_fdHBsmbWZmpkLcZrhZS028OOUG3bErTFFxgjqHfH-cZ8au5uOFyquTYB1_IrzKNQB1HyMg" ], - "priority" : [ "100" ], - "algorithm" : [ "HS256" ] - } - }, { - "id" : "d54e6431-5a1c-4783-a9ca-dbbedd0b0f20", - "name" : "aes-generated", - "providerId" : "aes-generated", - "subComponents" : { }, - "config" : { - "kid" : [ "40b8e0ac-9300-4736-9668-713676911d5e" ], - "secret" : [ "kJGFh7LGYAI2ged6rJQVDQ" ], - "priority" : [ "100" ] - } - }, { - "id" : "38c2dd59-c891-4558-8102-c26ada370abd", - "name" : "rsa-generated", - "providerId" : "rsa-generated", - "subComponents" : { }, - "config" : { - "privateKey" : [ 
"MIIEpAIBAAKCAQEA5l/1wCtrIxaD7HW7/Qlmb4DtH1KdHzXc3J24pyLO914lvwfZBaRz4mcY9nia9/R+oCr62/EjIxVa4/SfA+O7ZUgi2TMJtwtUX3CKRlm+ktK51wnJ1TNN38zYEB9fFKuElP3Sqva+nLlmVTMyqXkDzLLhFJnc1Szu8tWXJKyrim4Oo/iAfvbmTisldgJ1YH/wcqfH08jgVhySDSXde6HejThhuDsM4FqeaPANBztpxDwYDo7sj9mD8UE9NvyzXr2o0NV+JvZv2H0RHth3KUf8iJta5tjo+wY4vQAPvkfOOdwn+XEsWIhZwKGMPeYeqETT6kKQX//UbNc+5YT513U1PQIDAQABAoIBAQCTXRrUfHGiFkr5PS6tZA/0j6IfATekuU24ieOOdkOyFLVMh3aZl2LRlmVvdCKdLfa5+gRSIOP7EzP60YXOdSRwWz5/dZhnUIX+Lv0kl0/Cl61tEsPa72CHIn+rgIXPsQ+0RtE1r3SqyCXfpkpoAhMeI+a6yNlsO7v19g8i1Jk+iIUiQxtsCGGUt+FsTao1cXq/i7F7NCS9PUD5aAVyURI5IEJ5+YXJZN68y0EBf8B2kWToMVEgLM5BJZraH+APuDbndmRFmNqe8w6X1PAYBAzubuAHrNfda/PC6whuSsupI9oRugU4LFIPdBVZLyL833xYQgAA7OaEF4KzK/E00f75AoGBAP7sm2AWtgQ6f0QPQfcS6zJJNwrfU86ay1NDoVL3eYY9rz9FXtAfUq/+Wo6nTnez1YSJjhnLeTpngquTlSlqlJdHqoAgPaOtAnZltVZ21hU3/9KHfF3Bi5X8T0nvoJ8FZTiOCRKKNGr9FEVdYOG+avtF6+TaEQyeW2q7PDkwkSPfAoGBAOdY1RxPEjTvuBrgGGBJ3sDd75okVc3OTxHsmZ2j1dqftk0euU8kNcQ40L2rwJ/OdnThFsyHfnN9lLoEQzc/rDWm74pOgQGqJ+AQZzEt0kWV1TmOwWQEx8dvipxMgI3xWzQ4BnzK3LTWl19LrP2f9V4F/iv//EqqHN3btojIxmpjAoGAT0wGYPNvlw0jPWaJnHOUGcZQit9BUIkyKiplakt0z98sPkAz6AV2USyLusgsTmvwRRQM0dVLVnGQYhK8WW+/3Pb8AHMG+Xz9wRqON+ErYtpSh4iBlSB5bSRY/aS+j/i7rcXw6IV5HLawsYsEcfQrjxIG+N8kYop34VFwwFFtNH0CgYBC4Tlqn6lByHNOwa4KWBCfbQmRZCOyBYxyQBYArpZqR3WqQdGMgYlRmqMt0fMzv7oa+99dbWYu+QT/6a+Mz0l3kTT6pMtCsfApJFTQsNBy8Wfc5doekgs3KpXFrZAUeMvHAtNNTFAVr1u/Xt85yv5iGhVqnuxOoXMK6DOSw4goxQKBgQDvTnYvpyRlHvTFHgutWocGWZA/k9XwwZJJaferWYD79EZkZHG7vkNp1JyxiuL2nuCidQp6psuOl5HeauhPHzFmpnq014Ju49t8CklKbiQt51T8Ir0S3nXs6F3e31c2t9fgMwLDfrNW1713wwHntDCWcQjU2aTDpLk9MY+ZaBaQhg==" ], - "certificate" : [ "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" ], - "priority" : [ "100" ] - } - } ] - }, - "internationalizationEnabled" : true, - "supportedLocales" : [ "de", "en" ], - "defaultLocale" : "en", - "authenticationFlows" : [ { - "id" : "0296b89f-2d7b-4931-b4ce-72167e83d8b7", - "alias" : "Account verification options", - "description" : "Method with which to verity the 
existing account", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-email-verification", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Verify Existing Account by Re-authentication", - "userSetupAllowed" : false - } ] - }, { - "id" : "64a2976c-5625-41a2-97d7-b53e78cc3a92", - "alias" : "Authentication Options", - "description" : "Authentication options.", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "basic-auth", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "basic-auth-otp", - "authenticatorFlow" : false, - "requirement" : "DISABLED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "auth-spnego", - "authenticatorFlow" : false, - "requirement" : "DISABLED", - "priority" : 30, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "23dce318-8864-429d-8e42-8f60adf87bb8", - "alias" : "Browser - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "auth-otp-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { 
- "id" : "07c663a3-9361-4fb1-ac6f-6af140b9d8b5", - "alias" : "Direct Grant - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "direct-grant-validate-otp", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "8a797183-07fc-44a1-80a5-bfa6b4d727e1", - "alias" : "First broker login - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "auth-otp-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "98e3631a-0ff2-4528-b835-4836d755b430", - "alias" : "Handle Existing Account", - "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-confirm-link", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" 
: "Account verification options", - "userSetupAllowed" : false - } ] - }, { - "id" : "849a9f5a-0389-4de4-8da7-9561a1e266e8", - "alias" : "Reset - Conditional OTP", - "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "reset-otp", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "e196e161-37ce-4616-be7f-b1742c4f7453", - "alias" : "User creation or linking", - "description" : "Flow for the existing/non-existing user alternatives", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticatorConfig" : "create unique user config", - "authenticator" : "idp-create-user-if-unique", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Handle Existing Account", - "userSetupAllowed" : false - } ] - }, { - "id" : "ab6e417d-91a9-4a2e-a288-230b30ed2608", - "alias" : "Verify Existing Account by Re-authentication", - "description" : "Reauthentication of existing account", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-username-password-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : 
"CONDITIONAL", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "First broker login - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "ed177a27-8acf-46c9-aecd-66a9de099b71", - "alias" : "browser", - "description" : "browser based authentication", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "auth-cookie", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "auth-spnego", - "authenticatorFlow" : false, - "requirement" : "DISABLED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "identity-provider-redirector", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 25, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "priority" : 30, - "autheticatorFlow" : true, - "flowAlias" : "forms", - "userSetupAllowed" : false - } ] - }, { - "id" : "7e14a81b-508b-4a78-aeca-c783e209209d", - "alias" : "clients", - "description" : "Base authentication for clients", - "providerId" : "client-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "client-secret", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "client-jwt", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "client-secret-jwt", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 30, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "client-x509", - "authenticatorFlow" : false, - 
"requirement" : "ALTERNATIVE", - "priority" : 40, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "6e52e23e-d83f-46c2-bc4d-e336999e2293", - "alias" : "direct grant", - "description" : "OpenID Connect Resource Owner Grant", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "direct-grant-validate-username", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "direct-grant-validate-password", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 30, - "autheticatorFlow" : true, - "flowAlias" : "Direct Grant - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "6d476080-ebc3-4bce-90ac-93afc891a83e", - "alias" : "docker auth", - "description" : "Used by Docker clients to authenticate against the IDP", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "docker-http-basic-authenticator", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "1143f6ea-867a-4b08-974e-86a4b9ba8601", - "alias" : "first broker login", - "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticatorConfig" : "review profile config", - "authenticator" : "idp-review-profile", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, 
{ - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "User creation or linking", - "userSetupAllowed" : false - } ] - }, { - "id" : "2090f383-dcab-441c-9f37-5b37504a1692", - "alias" : "forms", - "description" : "Username, password, otp and other auth forms.", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "auth-username-password-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Browser - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "13395ad8-a0eb-42f4-9d9d-c715c717d181", - "alias" : "http challenge", - "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "no-cookie-redirect", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Authentication Options", - "userSetupAllowed" : false - } ] - }, { - "id" : "a656e7fc-fa52-46e3-9fc1-654cafe37087", - "alias" : "registration", - "description" : "registration flow", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "registration-page-form", - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : true, - "flowAlias" : "registration form", - "userSetupAllowed" : false - } ] - }, { - "id" : 
"84e1ffa9-3dd8-4b32-8cd9-e4bbc4631624", - "alias" : "registration form", - "description" : "registration form", - "providerId" : "form-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "registration-user-creation", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "registration-profile-action", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 40, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "registration-password-action", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 50, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "registration-recaptcha-action", - "authenticatorFlow" : false, - "requirement" : "DISABLED", - "priority" : 60, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "68dad811-63ec-484a-a0b9-9656edc6921e", - "alias" : "reset credentials", - "description" : "Reset credentials for a user if they forgot their password or something", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "reset-credentials-choose-user", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "reset-credential-email", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "reset-password", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 30, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 40, - "autheticatorFlow" : true, - "flowAlias" : 
"Reset - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "9a212f2d-80ae-4051-9d09-28d016809204", - "alias" : "saml ecp", - "description" : "SAML ECP Profile Authentication Flow", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "http-basic-authenticator", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - } ], - "authenticatorConfig" : [ { - "id" : "9e437782-7c8f-4732-a1e6-cd84abdf78e3", - "alias" : "create unique user config", - "config" : { - "require.password.update.after.registration" : "false" - } - }, { - "id" : "8d01fb5d-be3d-42d9-ae27-592fab7d8d14", - "alias" : "review profile config", - "config" : { - "update.profile.on.first.login" : "missing" - } - } ], - "requiredActions" : [ { - "alias" : "CONFIGURE_TOTP", - "name" : "Configure OTP", - "providerId" : "CONFIGURE_TOTP", - "enabled" : true, - "defaultAction" : false, - "priority" : 10, - "config" : { } - }, { - "alias" : "terms_and_conditions", - "name" : "Terms and Conditions", - "providerId" : "terms_and_conditions", - "enabled" : false, - "defaultAction" : false, - "priority" : 20, - "config" : { } - }, { - "alias" : "UPDATE_PASSWORD", - "name" : "Update Password", - "providerId" : "UPDATE_PASSWORD", - "enabled" : true, - "defaultAction" : false, - "priority" : 30, - "config" : { } - }, { - "alias" : "UPDATE_PROFILE", - "name" : "Update Profile", - "providerId" : "UPDATE_PROFILE", - "enabled" : true, - "defaultAction" : false, - "priority" : 40, - "config" : { } - }, { - "alias" : "VERIFY_EMAIL", - "name" : "Verify Email", - "providerId" : "VERIFY_EMAIL", - "enabled" : true, - "defaultAction" : false, - "priority" : 50, - "config" : { } - }, { - "alias" : "delete_account", - "name" : "Delete Account", - "providerId" : "delete_account", - "enabled" : false, - "defaultAction" : false, - "priority" : 60, - 
"config" : { } - }, { - "alias" : "update_user_locale", - "name" : "Update User Locale", - "providerId" : "update_user_locale", - "enabled" : true, - "defaultAction" : false, - "priority" : 1000, - "config" : { } - } ], - "browserFlow" : "browser", - "registrationFlow" : "registration", - "directGrantFlow" : "direct grant", - "resetCredentialsFlow" : "reset credentials", - "clientAuthenticationFlow" : "clients", - "dockerAuthenticationFlow" : "docker auth", - "attributes" : { - "cibaBackchannelTokenDeliveryMode" : "poll", - "cibaAuthRequestedUserHint" : "login_hint", - "clientOfflineSessionMaxLifespan" : "0", - "oauth2DevicePollingInterval" : "5", - "clientSessionIdleTimeout" : "0", - "actionTokenGeneratedByUserLifespan-execute-actions" : "", - "actionTokenGeneratedByUserLifespan-verify-email" : "", - "clientOfflineSessionIdleTimeout" : "0", - "actionTokenGeneratedByUserLifespan-reset-credentials" : "", - "cibaInterval" : "5", - "realmReusableOtpCode" : "false", - "cibaExpiresIn" : "120", - "oauth2DeviceCodeLifespan" : "600", - "actionTokenGeneratedByUserLifespan-idp-verify-account-via-email" : "", - "parRequestUriLifespan" : "60", - "clientSessionMaxLifespan" : "0" - }, - "keycloakVersion" : "20.0.0", - "userManagedAccessAllowed" : false, - "clientProfiles" : { - "profiles" : [ ] - }, - "clientPolicies" : { - "policies" : [ ] - } -} \ No newline at end of file diff --git a/security-c4po-cfg/docker-compose.yml b/security-c4po-cfg/docker-compose.yml index 480142d..545496c 100644 --- a/security-c4po-cfg/docker-compose.yml +++ b/security-c4po-cfg/docker-compose.yml @@ -6,14 +6,18 @@ volumes: services: # Database c4po-db: - image: mongo:latest + image: mongo:5.0.0-focal container_name: c4po-db + environment: + - MONGO_INITDB_ROOT_USERNAME=admin + - MONGO_INITDB_ROOT_PASSWORD=Test1234! + - MONGO_INITDB_DATABASE=admin volumes: - ./volumes/mongodb/data/:/db/data deploy: resources: limits: - memory: "1G" + memory: "2G" ports: - 27017:27017 networks:
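Review bot: The `c4po-db` service now commits the MongoDB root credentials in plain text (`MONGO_INITDB_ROOT_USERNAME=admin`, `MONGO_INITDB_ROOT_PASSWORD=Test1234!`) while the unchanged `ports` entry still publishes `27017:27017` on every host interface, so the database's only protection is a password that anyone with repository access can read. Take the value from the environment or a secret instead, e.g. `- MONGO_INITDB_ROOT_PASSWORD=${MONGO_INITDB_ROOT_PASSWORD:?set in .env}` (the official image also accepts `MONGO_INITDB_ROOT_PASSWORD_FILE`), and bind the port to loopback with `- 127.0.0.1:27017:27017` unless remote access is really needed. If the API connects with this root account (the application.properties change is not visible in this hunk), a dedicated user restricted to the application database would be the least-privilege choice. The committed password should be treated as exposed and rotated, since it remains in the Git history.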