From ab1af50eda2b9ae984a119e074794ce90552cfe0 Mon Sep 17 00:00:00 2001 
From: Marcel Haag Date: Fri, 6 Aug 2021 11:37:39 +0200 Subject: [PATCH] Fix: Adding mongodb and docker-compose --- .gitignore | 4 + c4po.sh | 21 +- security-c4po-api/.gitignore | 1 + security-c4po-api/Dockerfile | 17 +- security-c4po-api/build.gradle.kts | 19 +- .../api/configuration/security/Appuser.kt | 6 +- .../security/AppuserJwtAuthConverter.kt | 41 +- .../security/UserAccountDetailsService.kt | 15 - .../security/WebSecurityConfiguration.kt | 10 +- .../com/securityc4po/api/project/Project.kt | 2 +- .../resources/application-COMPOSE.properties | 9 + .../main/resources/application-DEV.properties | 8 + .../src/main/resources/application.properties | 11 +- .../securityc4po/api/BaseContainerizedTest.kt | 96 + .../api/BaseDocumentationIntTest.kt | 2 +- .../com/securityc4po/api/BaseIntTest.kt | 2 +- .../ProjectControllerDocumentationTest.kt | 5 +- .../api/project/ProjectControllerIntTest.kt | 108 +- .../api/project/ProjectServiceTest.kt | 4 +- .../test/resources/create-keycloak-user.sh | 28 + .../src/test/resources/insert-mongodb-user.js | 12 + .../test/resources/outdated_realm-export.json | 2230 +++++++++++++++++ .../src/test/resources/realm-export.json | 1813 ++++++++++++++ .../src/test/resources/script_local | 28 + .../backend/docker-compose.backend.yml | 13 +- security-c4po-cfg/cfg/c4po_realm_export.json | 58 +- security-c4po-cfg/cfg/keycloak.env | 2 +- security-c4po-cfg/docker-compose.yml | 89 + .../frontend/docker-compose.frontend.yml | 7 +- .../kc/docker-compose.keycloak.yml | 11 +- security-c4po-cfg/mongodb/.DS_Store | Bin 6148 -> 0 bytes .../mongodb/docker-compose.mongodb.yml | 5 +- security-c4po-cfg/volumes/.DS_Store | Bin 6148 -> 0 bytes security-c4po-cfg/volumes/keycloak/.DS_Store | Bin 6148 -> 0 bytes .../volumes/keycloak/data/.DS_Store | Bin 6148 -> 0 bytes security-c4po-cfg/volumes/mongodb/.DS_Store | Bin 6148 -> 0 bytes .../volumes/mongodb/data/.DS_Store | Bin 6148 -> 0 bytes 37 files changed, 4525 insertions(+), 152 deletions(-) create mode 100644 
.gitignore delete mode 100644 security-c4po-api/src/main/kotlin/com/securityc4po/api/configuration/security/UserAccountDetailsService.kt create mode 100644 security-c4po-api/src/main/resources/application-COMPOSE.properties create mode 100644 security-c4po-api/src/main/resources/application-DEV.properties create mode 100644 security-c4po-api/src/test/resources/create-keycloak-user.sh create mode 100644 security-c4po-api/src/test/resources/insert-mongodb-user.js create mode 100644 security-c4po-api/src/test/resources/outdated_realm-export.json create mode 100644 security-c4po-api/src/test/resources/realm-export.json create mode 100644 security-c4po-api/src/test/resources/script_local create mode 100644 security-c4po-cfg/docker-compose.yml delete mode 100644 security-c4po-cfg/mongodb/.DS_Store delete mode 100644 security-c4po-cfg/volumes/.DS_Store delete mode 100644 security-c4po-cfg/volumes/keycloak/.DS_Store delete mode 100644 security-c4po-cfg/volumes/keycloak/data/.DS_Store delete mode 100644 security-c4po-cfg/volumes/mongodb/.DS_Store delete mode 100644 security-c4po-cfg/volumes/mongodb/data/.DS_Store diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..2c6a7df --- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +.DS_Store +# Volumes +/security-c4po-cfg/volumes/keycloak/data/* +/security-c4po-cfg/volumes/mongodb/data/* diff --git a/c4po.sh b/c4po.sh index eecd5a1..d9b6bcd 100755 --- a/c4po.sh +++ b/c4po.sh 
@@ -1,12 +1,17 @@ #!/bin/bash -docker_reg="c4po.io" baseDir=$(pwd) +composeDir=$baseDir"/security-c4po-cfg" +keycloakVolume="security-c4po-cfg/volumes/keycloak/data/*" +mongoVolume="security-c4po-cfg/volumes/mongodb/data/*" + composeKeycloak=$baseDir"/security-c4po-cfg/kc/docker-compose.keycloak.yml" composeDatabase=$baseDir"/security-c4po-cfg/mongodb/docker-compose.mongodb.yml" composeFrontend=$baseDir"/security-c4po-cfg/frontend/docker-compose.frontend.yml" composeBackend=$baseDir"/security-c4po-cfg/backend/docker-compose.backend.yml" +compose=$baseDir"/security-c4po-cfg/docker-compose.yml" + echo -e " _______ _______ _______ _ _ ______ _____ _______ __ __ |______ |______ | | | |_____/ | | \_/ @@ -19,13 +24,13 @@ ______| |______ |_____ |_____| | \_ __|__ | | _/_/_/ _/ echo "-------------CLEAN UP Container---------------" echo -e "\n" -#docker rm -f security-c4po-keycloak -#docker rm -f security-c4po-postgres-keycloak -docker rm -f security-c4po-security-c4po-db -docker rm -f security-c4po-api -docker rm -f security-c4po-angular +rm -r ${keycloakVolume} +docker rm -f c4po-keycloak +docker rm -f c4po-keycloak-postgres +docker rm -f c4po-db +docker rm -f c4po-api +docker rm -f c4po-angular echo -e "\n" - echo "-----------------Start Build------------------" echo -e "\n" echo " - Backend: " @@ -34,7 +39,9 @@ echo -e "\n" echo " - Frontend: " docker-compose -f ${composeFrontend} build echo -e "\n" +# docker-compose -f ${compose} up echo "------------Start Docker Container------------" echo -e "\n" docker-compose -f ${composeKeycloak} -f ${composeDatabase} -f ${composeBackend} -f ${composeFrontend} up +# docker-compose -f ${compose} up diff --git a/security-c4po-api/.gitignore b/security-c4po-api/.gitignore index c2065bc..d67cd18 100644 --- a/security-c4po-api/.gitignore +++ b/security-c4po-api/.gitignore @@ -1,5 +1,6 @@ HELP.md .gradle +*.DS_Store build/ !gradle/wrapper/gradle-wrapper.jar !**/src/main/**/build/ 
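Review bot: `rm -r ${keycloakVolume}` in the clean-up section deletes through a relative, unquoted glob with no guard: it only works when the script is run from the repository root, it errors (and the script carries on) when the directory is already empty, and it wipes Keycloak's persisted data — including any realm edits made through the admin console — on every start, while the parallel `mongoVolume` variable is defined and never used. I would anchor the path on `baseDir` and stop on errors: `set -euo pipefail` at the top and `rm -rf -- "${baseDir}/security-c4po-cfg/volumes/keycloak/data"/*`, or better make the wipe opt-in behind a flag so nobody loses the realm by accident. The `docker-compose -f ${compose} up` line is commented out twice; one commented line with a note on when the single compose file is meant to replace the four `-f` files would read more clearly.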
diff --git a/security-c4po-api/Dockerfile b/security-c4po-api/Dockerfile
index e14b773..8c3ffcf 100644
--- a/security-c4po-api/Dockerfile
+++ b/security-c4po-api/Dockerfile
@@ -1,7 +1,20 @@
 FROM openjdk:11-jre
+ENV TZ=Europe/Berlin
+RUN groupadd -g 9999 security-c4po-api && \
+ useradd -r -u 9999 -g security-c4po-api security-c4po-api
+RUN mkdir /data
+RUN chown security-c4po-api:security-c4po-api /data
+USER security-c4po-api
+
+# GET CURRENT STAGE
+ARG STAGE
+ENV ENV_STAGE=$STAGE
 
 # COPY PACKAGE INTO IMAGE
-COPY ./build/libs/security-c4po-api-0.0.1-SNAPSHOT.jar .
+COPY ./build/libs/security-c4po-api-0.0.1-SNAPSHOT.jar /
+USER security-c4po-api
+EXPOSE 8443
 
 # RUN JAVA
-CMD [ "java", "-jar", "security-c4po-api-0.0.1-SNAPSHOT.jar" ]
+# CMD [ "java", "-jar", "security-c4po-api-0.0.1-SNAPSHOT.jar" ]
+ENTRYPOINT [ "java", "-jar", "-Dspring.profiles.active=${ENV_STAGE}", "security-c4po-api-0.0.1-SNAPSHOT.jar" ]
diff --git a/security-c4po-api/build.gradle.kts b/security-c4po-api/build.gradle.kts
index 61f03a9..828fab9 100644
--- a/security-c4po-api/build.gradle.kts
+++ b/security-c4po-api/build.gradle.kts
@@ -36,6 +36,8 @@ repositories {
 mavenCentral()
 }
 
+apply(plugin = "org.asciidoctor.jvm.convert")
+
 dependencyCheck {
 autoUpdate = true
 cveValidForHours = 1
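Review bot: The new `ENTRYPOINT` is in exec (JSON-array) form, so `${ENV_STAGE}` is never expanded by a shell — the JVM receives the literal string `-Dspring.profiles.active=${ENV_STAGE}` and the `COMPOSE`/`DEV` profile chosen with `--build-arg STAGE=...` is silently not activated. Spring Boot reads the active profile from the environment, so the simplest fix is `ENV SPRING_PROFILES_ACTIVE=$STAGE` in place of `ENV ENV_STAGE=$STAGE` together with `ENTRYPOINT ["java", "-jar", "/security-c4po-api-0.0.1-SNAPSHOT.jar"]`; the jar is copied to `/`, so an absolute path avoids depending on the default working directory. The second `USER security-c4po-api` is redundant: `COPY` writes as root regardless of the preceding `USER`, and the first switch is still in effect, so `COPY --chown=security-c4po-api:security-c4po-api ...` is the line that actually changes ownership. `openjdk:11-jre` is a floating tag; pinning a patch tag or digest keeps the runtime reproducible, and a `HEALTHCHECK` against the actuator `health` endpoint exposed in `application.properties` would let compose detect a wedged API.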
@@ -59,28 +61,33 @@ val snippetsDir = file("build/generated-snippets") dependencies { implementation("com.fasterxml.jackson.datatype:jackson-datatype-joda:2.11.3") - implementation("io.projectreactor.kotlin:reactor-kotlin-extensions:1.1.1") - implementation("javax.websocket:javax.websocket-api:1.1") - implementation("org.springframework.boot:spring-boot-starter-oauth2-resource-server") + implementation("org.springframework.boot:spring-boot-starter-data-mongodb") + implementation("org.springframework.boot:spring-boot-starter-data-mongodb-reactive") + implementation("org.springframework.boot:spring-boot-starter-webflux") implementation("org.springframework.boot:spring-boot-starter-actuator") + implementation("io.projectreactor.kotlin:reactor-kotlin-extensions:1.1.1") implementation("com.fasterxml.jackson.module:jackson-module-kotlin") - implementation("org.springframework.boot:spring-boot-starter-data-mongodb-reactive") - implementation("org.springframework.boot:spring-boot-starter-data-mongodb") implementation("org.jetbrains.kotlin:kotlin-reflect") implementation("org.jetbrains.kotlin:kotlin-stdlib-jdk8") implementation("com.github.spotbugs:spotbugs-annotations:4.1.2") + + implementation("org.springframework.boot:spring-boot-starter-oauth2-resource-server") + implementation("org.springframework.boot:spring-boot-starter-oauth2-client") + implementation("com.auth0:java-jwt:3.18.1") implementation("org.modelmapper:modelmapper:2.3.2") - api("org.springframework.boot:spring-boot-starter-test") api("org.springframework.security:spring-security-jwt:1.1.1.RELEASE") + testImplementation("org.springframework.boot:spring-boot-starter-test") testImplementation("com.nhaarman.mockitokotlin2:mockito-kotlin:2.1.0") testImplementation("io.projectreactor:reactor-test") testImplementation("org.junit.jupiter:junit-jupiter-api:5.3.1") testImplementation("org.junit.jupiter:junit-jupiter-engine:5.3.1") 
testImplementation("org.springframework.cloud:spring-cloud-contract-wiremock:2.1.0.RELEASE") testImplementation("org.springframework.restdocs:spring-restdocs-webtestclient") + testImplementation("com.github.spotbugs:spotbugs-annotations:4.1.2") + testApi("org.testcontainers:junit-jupiter:1.15.2") } jacoco { diff --git a/security-c4po-api/src/main/kotlin/com/securityc4po/api/configuration/security/Appuser.kt b/security-c4po-api/src/main/kotlin/com/securityc4po/api/configuration/security/Appuser.kt index bb6ad3e..0db770d 100644 --- a/security-c4po-api/src/main/kotlin/com/securityc4po/api/configuration/security/Appuser.kt +++ b/security-c4po-api/src/main/kotlin/com/securityc4po/api/configuration/security/Appuser.kt @@ -5,7 +5,11 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority import org.springframework.security.core.GrantedAuthority import org.springframework.security.core.userdetails.UserDetails -class Appuser : UserDetails { +class Appuser internal constructor( + val sub: String, + val extractedUsername: String, + val token: String +) : UserDetails { override fun getAuthorities(): Collection { return listOf("user").stream().map { diff --git a/security-c4po-api/src/main/kotlin/com/securityc4po/api/configuration/security/AppuserJwtAuthConverter.kt b/security-c4po-api/src/main/kotlin/com/securityc4po/api/configuration/security/AppuserJwtAuthConverter.kt index 68bf153..d1616b5 100644 --- a/security-c4po-api/src/main/kotlin/com/securityc4po/api/configuration/security/AppuserJwtAuthConverter.kt +++ b/security-c4po-api/src/main/kotlin/com/securityc4po/api/configuration/security/AppuserJwtAuthConverter.kt 
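Review bot: `api("org.springframework.security:spring-security-jwt:1.1.1.RELEASE")` is kept while `com.auth0:java-jwt` and `spring-boot-starter-oauth2-client` are added, so the API now carries three JWT/OAuth stacks next to the Nimbus decoder the resource-server starter already provides; `spring-security-jwt` belongs to the legacy Spring Security OAuth line, which as far as I know is no longer maintained, and `api(...)` exposes it on every consumer's compile classpath. Unless a class from it is actually referenced, I would drop that line, and drop the `oauth2-client` starter too since nothing in the visible security configuration uses a client registration. The explicit JUnit `5.3.1` pins sit well behind what Spring Boot's BOM manages; removing the versions lets the BOM pick a consistent set, which also applies to `mockito-kotlin` and `testcontainers`.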
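Review bot: The new constructor stores the raw bearer token (`token: String`) on the principal, so every `SecurityContext`, log line or serialized `Authentication` that includes the `Appuser` now carries a replayable credential; a `UserDetails` normally holds identity and authorities, not the secret that proved them. If the token is only needed to call Keycloak on the user's behalf, read it from the `Jwt` at the point of use instead, or at minimum add `// raw access token — never log or serialize this principal` on the field and override `toString()` to omit it. `getAuthorities()` (its body continues outside the hunk) still hard-codes the single `"user"` authority, so the roles the converter extracts from `realm_access` are not reflected on the principal itself; that inconsistency is worth a comment if it is intentional.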
@@ -9,19 +9,33 @@ import org.springframework.security.core.GrantedAuthority import org.springframework.security.core.authority.SimpleGrantedAuthority import org.springframework.security.oauth2.jwt.Jwt import reactor.core.publisher.Mono +import reactor.kotlin.core.publisher.toMono import java.util.stream.Collectors /** JWT converter that takes the roles from 'groups' claim of JWT token. */ -class AppuserJwtAuthConverter( - private val appuserDetailsService: UserAccountDetailsService) : Converter> { +class AppuserJwtAuthConverter : Converter> { override fun convert(jwt: Jwt): Mono { val authorities = extractAuthorities(jwt) - return appuserDetailsService - .findByUsername(jwt.getClaimAsString("sub")) - .map { u -> - UsernamePasswordAuthenticationToken(u, "n/a", authorities); - } + val sub = extractSub(jwt) + val username = extractUserName(jwt) + return UsernamePasswordAuthenticationToken(Appuser(sub, username, jwt.tokenValue!!), "n/a", authorities).toMono() + } + + private fun extractSub(jwt: Jwt): String { + val sub = jwt.getClaims().get(SUB).toString() + if (sub.isEmpty() || sub.equals("null")) { + return "n/a" + } + return sub + } + + private fun extractUserName(jwt: Jwt): String { + val username = jwt.getClaims().get(USERNAME).toString() + if (username.isEmpty() || username.equals("null")) { + return "n/a" + } + return username } private fun extractAuthorities(jwt: Jwt): Collection { 
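Review bot: `extractSub` and `extractUserName` turn a missing claim into the sentinel `"n/a"` instead of rejecting the token, so any JWT without a `sub` (or with a null one) authenticates as the same pseudo-user `"n/a"`; if `sub` later becomes the ownership key for projects, all such tokens share one identity. I would fail closed in `convert`: `val sub = jwt.subject?.takeIf { it.isNotBlank() } ?: return Mono.error(BadCredentialsException("JWT has no sub claim"))` (from `org.springframework.security.authentication`), and the same for the username claim. The `get(SUB).toString()` / `equals("null")` pattern compares against the string a null reference stringifies to; `jwt.getClaimAsString(SUB)` returns a nullable that Kotlin handles directly. `USERNAME = "username"` is also hard-coded although `application.properties` now defines `idp.jwt.claim.name.user`; one of the two should go.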
@@ -35,19 +49,18 @@ class AppuserJwtAuthConverter( private fun getScopes(jwt: Jwt): Collection { val mapper = ObjectMapper() val scopes = jwt.getClaims().get(GROUPS_CLAIM).toString() - if (scopes != null) { - val roleStringValue = mapper.readTree(scopes).get("roles").toString() - val roles = mapper.readValue>(roleStringValue) - if (!roles.isEmpty()){ - return roles - } + val roleStringValue = mapper.readTree(scopes).get("roles").toString() + val roles = mapper.readValue>(roleStringValue) + if (!roles.isEmpty()){ + return roles } - return emptyList() } companion object { private val GROUPS_CLAIM = "realm_access" private val ROLE_PREFIX = "ROLE_" + private val SUB = "sub" + private val USERNAME = "username" } } diff --git a/security-c4po-api/src/main/kotlin/com/securityc4po/api/configuration/security/UserAccountDetailsService.kt b/security-c4po-api/src/main/kotlin/com/securityc4po/api/configuration/security/UserAccountDetailsService.kt deleted file mode 100644 index 39618f2..0000000 --- a/security-c4po-api/src/main/kotlin/com/securityc4po/api/configuration/security/UserAccountDetailsService.kt +++ /dev/null @@ -1,15 +0,0 @@ -package com.securityc4po.api.configuration.security - -import org.springframework.security.core.userdetails.ReactiveUserDetailsService -import org.springframework.security.core.userdetails.UserDetails -import org.springframework.stereotype.Service -import reactor.core.publisher.Mono -import reactor.kotlin.core.publisher.toMono - -@Service -class UserAccountDetailsService : ReactiveUserDetailsService { - - override fun findByUsername(username: String): Mono { - return Appuser().toMono() - } -} diff --git a/security-c4po-api/src/main/kotlin/com/securityc4po/api/configuration/security/WebSecurityConfiguration.kt b/security-c4po-api/src/main/kotlin/com/securityc4po/api/configuration/security/WebSecurityConfiguration.kt index fb358b7..27cb711 100644 
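Review bot: As the hunk reads, `getScopes` no longer returns anything on the path where `roles` is empty — `return emptyList()` was removed together with the null guard and the method now falls off the end of its block, which Kotlin rejects; if the real file compiles, a line was probably lost in this view, and the empty-roles case still needs a defined result. The parsing route is also fragile: `jwt.getClaims().get(GROUPS_CLAIM).toString()` stringifies whatever Map type the decoder produced and feeds it to `readTree`, which only works when that `toString()` happens to be JSON, and a token without `realm_access` yields the string `"null"`, whose `.get("roles")` is null and is then dereferenced. Spring's `Jwt` already exposes the structure: `val roles = (jwt.getClaimAsMap(GROUPS_CLAIM)?.get("roles") as? List<*>)?.filterIsInstance<String>() ?: emptyList()` replaces the ObjectMapper round-trip and covers both the missing claim and missing roles. A token with no roles should still authenticate with no authorities rather than throw.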
--- a/security-c4po-api/src/main/kotlin/com/securityc4po/api/configuration/security/WebSecurityConfiguration.kt +++ b/security-c4po-api/src/main/kotlin/com/securityc4po/api/configuration/security/WebSecurityConfiguration.kt @@ -1,18 +1,18 @@ package com.securityc4po.api.configuration.security +import org.springframework.boot.autoconfigure.web.reactive.WebFluxAutoConfiguration import org.springframework.context.annotation.Bean -import org.springframework.context.annotation.Configuration +import org.springframework.context.annotation.Lazy import org.springframework.http.HttpMethod -import org.springframework.web.cors.CorsConfiguration import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity import org.springframework.security.config.web.server.ServerHttpSecurity import org.springframework.security.web.server.SecurityWebFilterChain +import org.springframework.web.cors.CorsConfiguration -@Configuration @EnableWebFluxSecurity @EnableReactiveMethodSecurity -class WebSecurityConfiguration(private val userAccountDetailsService: UserAccountDetailsService) { +class WebSecurityConfiguration { @Bean fun springSecurityFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain { @@ -43,6 +43,6 @@ class WebSecurityConfiguration(private val userAccountDetailsService: UserAccoun @Bean fun appuserJwtAuthenticationConverter(): AppuserJwtAuthConverter { - return AppuserJwtAuthConverter(userAccountDetailsService) + return AppuserJwtAuthConverter() } } diff --git a/security-c4po-api/src/main/kotlin/com/securityc4po/api/project/Project.kt b/security-c4po-api/src/main/kotlin/com/securityc4po/api/project/Project.kt index d609b6e..af3fcf8 100644 --- a/security-c4po-api/src/main/kotlin/com/securityc4po/api/project/Project.kt +++ b/security-c4po-api/src/main/kotlin/com/securityc4po/api/project/Project.kt 
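Review bot: Dropping `@Configuration` leaves the class relying on `@EnableWebFluxSecurity` to register it, which works because that annotation is itself meta-annotated with `@Configuration` in Spring Security 5, but the reason should be stated — `// @EnableWebFluxSecurity already carries @Configuration` above the class — otherwise the next reader adds it back, and with `spring.main.allow-bean-definition-overriding=true` a duplicate filter chain would be masked rather than reported. The new `Lazy` and `WebFluxAutoConfiguration` imports are not used by anything in the hunk and can go. The body of `springSecurityFilterChain`, where the CORS and path rules live, is outside the hunk, so the actual authorization rules could not be reviewed here.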
@@ -18,7 +18,7 @@ data class Project( ) fun Project.toProjectResponseBody(): ResponseBody { - return kotlin.collections.mapOf( + return mapOf( "id" to id, "client" to client, "title" to title, diff --git a/security-c4po-api/src/main/resources/application-COMPOSE.properties b/security-c4po-api/src/main/resources/application-COMPOSE.properties new file mode 100644 index 0000000..0eb417a --- /dev/null +++ b/security-c4po-api/src/main/resources/application-COMPOSE.properties @@ -0,0 +1,9 @@ +## IdentityProvider (Keycloak) ## +# spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:8888/auth/realms/c4po_realm_local +# keycloakhost=localhost +# keycloak.client.url=http://localhost:8888/ + +## Database (MONGODB) Config ## +#spring.data.mongodb.host=c4po-db +spring.data.mongodb.host=localhost +spring.data.mongodb.port=27017 \ No newline at end of file diff --git a/security-c4po-api/src/main/resources/application-DEV.properties b/security-c4po-api/src/main/resources/application-DEV.properties new file mode 100644 index 0000000..f3fb2e6 --- /dev/null +++ b/security-c4po-api/src/main/resources/application-DEV.properties @@ -0,0 +1,8 @@ +## IdentityProvider (Keycloak) ## +# spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:8888/auth/realms/c4po_realm_local +# keycloakhost=localhost +# keycloak.client.url=http://localhost:8888/ + +## Database (MONGODB) Config ## +spring.data.mongodb.host=localhost +spring.data.mongodb.port=27017 \ No newline at end of file diff --git a/security-c4po-api/src/main/resources/application.properties b/security-c4po-api/src/main/resources/application.properties index 0589678..327d23c 100644 --- a/security-c4po-api/src/main/resources/application.properties +++ b/security-c4po-api/src/main/resources/application.properties 
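Review bot: `application-COMPOSE.properties` points the API at `spring.data.mongodb.host=localhost` with the container name `c4po-db` commented out, yet inside the `c4po-api` container `localhost` is the API itself, so the COMPOSE profile cannot reach the database unless the compose file uses host networking (the compose changes are not in this view). The Keycloak settings are commented out here as well and therefore fall back to the `http://localhost:8888/...` values in `application.properties`, which have the same problem. Neither profile sets `spring.data.mongodb.username`/`password`, while the tests require an authenticated user; a header comment such as `# NOTE: no DB credentials - the local/compose MongoDB runs unauthenticated; never reuse this profile outside a developer machine` would make that decision explicit instead of implicit.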
@@ -1,6 +1,7 @@
 ## General Properties ##
-spring.main.web-application-type=reactive
+# spring.main.web-application-type=reactive
 spring.main.allow-bean-definition-overriding=true
+spring.jackson.default-property-inclusion=non_null
 
 ## Server Config ##
 server.port=8443
@@ -12,11 +13,11 @@ management.endpoints.web.exposure.include=info, health, metrics
 
 ## Database (MONGODB) Config ##
 spring.data.mongodb.database=c4po
-spring.data.mongodb.host=localhost
-spring.data.mongodb.port=27017
 spring.data.mongodb.auto-index-creation=true
 
-## IdentityProvider (Keycloak for tests) ##
+## IdentityProvider (Keycloak) ##
 spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:8888/auth/realms/c4po_realm_local
 keycloakhost=localhost
-keycloak.client.url=http://localhost:8888/
\ No newline at end of file
+keycloak.client.url=http://localhost:8888/
+# keycloak.client.realm.path=auth/realms/c4po_realm_local/
+idp.jwt.claim.name.user=username
\ No newline at end of file
diff --git a/security-c4po-api/src/test/kotlin/com/securityc4po/api/BaseContainerizedTest.kt b/security-c4po-api/src/test/kotlin/com/securityc4po/api/BaseContainerizedTest.kt
index a383f67..c8f98c4 100644
--- a/security-c4po-api/src/test/kotlin/com/securityc4po/api/BaseContainerizedTest.kt
+++ b/security-c4po-api/src/test/kotlin/com/securityc4po/api/BaseContainerizedTest.kt
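Review bot: `idp.jwt.claim.name.user=username` is added here, but `AppuserJwtAuthConverter` hard-codes `USERNAME = "username"` and nothing in the hunks reads the property, so it currently records an intention rather than configuring anything; either inject it on the converter (`@Value("\${idp.jwt.claim.name.user}")`) or leave it out until it is wired. Commenting out `spring.main.web-application-type=reactive` means the application type is now inferred from the classpath — fine while only `webflux` is present, but any later servlet-based dependency would silently flip it, so a one-line comment on why it was disabled would help. The `issuer-uri` over plain `http://localhost:8888` is acceptable for a developer machine, but the decoder fetches the JWKS over that URL, so it must not survive into any deployed profile; a `# local development only` marker on that line is cheap insurance.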
@@ -1,9 +1,105 @@ package com.securityc4po.api +import com.fasterxml.jackson.annotation.JsonIgnoreProperties +import com.github.dockerjava.api.model.ExposedPort +import com.github.dockerjava.api.model.PortBinding +import com.github.dockerjava.api.model.Ports +import com.nimbusds.jwt.JWTParser import org.junit.jupiter.api.TestInstance +import org.springframework.beans.factory.annotation.Value +import org.springframework.cloud.contract.wiremock.AutoConfigureWireMock +import org.springframework.http.HttpEntity +import org.springframework.http.HttpHeaders +import org.springframework.http.MediaType import org.springframework.test.context.TestPropertySource +import org.springframework.util.LinkedMultiValueMap +import org.springframework.web.client.RestTemplate +import org.testcontainers.shaded.com.fasterxml.jackson.databind.ObjectMapper +import org.testcontainers.containers.GenericContainer +import org.testcontainers.images.builder.ImageFromDockerfile +import org.testcontainers.utility.DockerImageName +import org.testcontainers.utility.MountableFile +import java.nio.file.Paths @TestInstance(TestInstance.Lifecycle.PER_CLASS) +@AutoConfigureWireMock(port = 0) +@TestPropertySource(properties = [ + "spring.data.mongodb.port=10002", + "spring.data.mongodb.authentication-database=admin", + "spring.data.mongodb.password=test", + "spring.data.mongodb.username=testuser", + "MONGO_DB_MAX_CONNECTION_IDLE_TIME=PT25M", + "DATA_REFRESH_THRESHOLD_DURATION=PT30M", + "CLEANUP_BATCH_SIZE_FOR_SELECTING_EXPIRED_USERS=100" +]) abstract class BaseContainerizedTest { + @Value("\${keycloakhost}") + var keycloakhost: String? 
= null + companion object { + val mongoDbContainer = KGenericContainer(ImageFromDockerfile("c4poapibasecontainerizedtest").withDockerfileFromBuilder { + it.from("mongo") + it.env("MONGO_INITDB_ROOT_USERNAME", "root") + it.env("MONGO_INITDB_ROOT_PASSWORD", "cjwkbencowepoc324pon2mop3mp4") + it.env("MONGO_INITDB_DATABASE", "admin") + it.add("insert-mongodb-user.js", "/docker-entrypoint-initdb.d") + }.withFileFromPath("insert-mongodb-user.js", Paths.get(MountableFile.forClasspathResource("insert-mongodb-user.js", 700).resolvedPath)) + ).apply { + withCreateContainerCmdModifier { + it.hostConfig?.withPortBindings(PortBinding(Ports.Binding.bindPort(10002), ExposedPort(27017))) + } + start() + } + + val keycloakContainer = KGenericContainerFromImage(DockerImageName.parse("jboss/keycloak:6.0.1")).apply { + withEnv("KEYCLOAK_USER", "admin") + withEnv("KEYCLOAK_PASSWORD", "admin") + withEnv("KEYCLOAK_IMPORT", "/tmp/realm.json") + withEnv("DB_VENDOR", "h2") + withCreateContainerCmdModifier { + it.hostConfig?.withPortBindings(PortBinding(Ports.Binding.bindPort(8888), ExposedPort(8080))) + } + withCopyFileToContainer(MountableFile.forClasspathResource("outdated_realm-export.json", 700), "/tmp/realm.json") + withCopyFileToContainer(MountableFile.forClasspathResource("create-keycloak-user.sh", 700), + "/opt/jboss/create-keycloak-user.sh") + start() + println("== Inserting users must wait until Keycloak is started completely ==") + execInContainer("sh", "/opt/jboss/create-keycloak-user.sh") + } + } + + var token = "n/a" + var tokenAdmin = "n/a" + var tokenUser = "n/a" + var keycloakHost: String? 
= null + + fun getAccessToken(username: String, password: String, clientId: String, realm: String): String { + keycloakHost = "http://" + keycloakhost + ":" + keycloakContainer.getMappedPort(8080) + val restTemplate = RestTemplate() + val headers = HttpHeaders() + headers.contentType = MediaType.APPLICATION_FORM_URLENCODED + + val map = LinkedMultiValueMap() + map.add("grant_type", "password") + map.add("client_id", clientId) + map.add("username", username) + map.add("password", password) + map.add("client_secret", "secret") + val responseString = restTemplate.postForObject("$keycloakHost/auth/realms/$realm/protocol/openid-connect/token", + HttpEntity(map, headers), String::class.java) + val token = ObjectMapper().readValue(responseString, KeyCloakToken::class.java) + return token.access_token!! + } + + fun getSubClaim(token: String): String { + val jwt = JWTParser.parse(token) + val scopes = ObjectMapper().readValue(jwt.jwtClaimsSet.toJSONObject().toJSONString(), HashMap::class.java) + return scopes["sub"] as String + } + + @JsonIgnoreProperties(ignoreUnknown = true) + class KeyCloakToken(val access_token: String? = null) + + class KGenericContainerFromImage(imageName: DockerImageName) : GenericContainer(imageName) + class KGenericContainer(dockerFile: ImageFromDockerfile) : GenericContainer(dockerFile) } \ No newline at end of file diff --git a/security-c4po-api/src/test/kotlin/com/securityc4po/api/BaseDocumentationIntTest.kt b/security-c4po-api/src/test/kotlin/com/securityc4po/api/BaseDocumentationIntTest.kt index cff40b3..3f16153 100644 --- a/security-c4po-api/src/test/kotlin/com/securityc4po/api/BaseDocumentationIntTest.kt +++ b/security-c4po-api/src/test/kotlin/com/securityc4po/api/BaseDocumentationIntTest.kt 
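Review bot: Both containers are bound to fixed host ports (`10002` and `8888`) via `withPortBindings`, which defeats Testcontainers' random-port allocation: the suite cannot run twice in parallel, and `8888` is the port the dev Keycloak from `c4po.sh`/`application.properties` listens on, so a running dev stack makes the tests fail at container start. `getAccessToken` already uses `getMappedPort(8080)`, so the bindings exist only for `spring.data.mongodb.port=10002` and the hard-coded issuer URI; a `@DynamicPropertySource` that sets the mongo port and `spring.security.oauth2.resourceserver.jwt.issuer-uri` from the mapped ports removes both. Readiness is a `sleep 20` inside `create-keycloak-user.sh` rather than a wait strategy — `waitingFor(Wait.forHttp("/auth/realms/master").forPort(8080))` before `execInContainer` is deterministic. The root password and `client_secret = "secret"` are throwaway test values, but a comment saying so would stop them being copied into a real compose file.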
@@ -28,7 +28,7 @@ abstract class BaseDocumentationIntTest : BaseContainerizedTest() { @BeforeEach fun setupDocs(restDocumentation: RestDocumentationContextProvider) { webTestClient = WebTestClient.bindToServer() - .baseUrl("com.securityc4po.api.http://localhost:$port") + .baseUrl("http://localhost:$port") .filter(documentationConfiguration(restDocumentation)) .responseTimeout(Duration.ofMillis(10000)) .build() diff --git a/security-c4po-api/src/test/kotlin/com/securityc4po/api/BaseIntTest.kt b/security-c4po-api/src/test/kotlin/com/securityc4po/api/BaseIntTest.kt index 65e7b77..f12646b 100644 --- a/security-c4po-api/src/test/kotlin/com/securityc4po/api/BaseIntTest.kt +++ b/security-c4po-api/src/test/kotlin/com/securityc4po/api/BaseIntTest.kt @@ -8,4 +8,4 @@ import org.springframework.test.context.junit.jupiter.SpringExtension @ExtendWith(SpringExtension::class) @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT) @DirtiesContext -abstract class BaseIntTest : BaseContainerizedTest() { } \ No newline at end of file +abstract class BaseIntTest : BaseContainerizedTest() \ No newline at end of file diff --git a/security-c4po-api/src/test/kotlin/com/securityc4po/api/project/ProjectControllerDocumentationTest.kt b/security-c4po-api/src/test/kotlin/com/securityc4po/api/project/ProjectControllerDocumentationTest.kt index 0bf18a8..a15dcc8 100644 --- a/security-c4po-api/src/test/kotlin/com/securityc4po/api/project/ProjectControllerDocumentationTest.kt +++ b/security-c4po-api/src/test/kotlin/com/securityc4po/api/project/ProjectControllerDocumentationTest.kt 
@@ -9,6 +9,7 @@ import org.junit.jupiter.api.Nested import org.junit.jupiter.api.Test import org.springframework.beans.factory.annotation.Autowired import org.springframework.cloud.contract.wiremock.AutoConfigureWireMock +import org.springframework.data.mongodb.core.MongoTemplate import org.springframework.restdocs.operation.preprocess.Preprocessors import org.springframework.restdocs.payload.JsonFieldType import org.springframework.restdocs.payload.PayloadDocumentation @@ -18,8 +19,8 @@ import org.springframework.restdocs.webtestclient.WebTestClientRestDocumentation @SuppressFBWarnings(SIC_INNER_SHOULD_BE_STATIC) class ProjectControllerDocumentationTest : BaseDocumentationIntTest() { - /*@Autowired - lateinit var mongoTemplate: MongoTemplate*/ + @Autowired + lateinit var mongoTemplate: MongoTemplate @BeforeEach fun init() { diff --git a/security-c4po-api/src/test/kotlin/com/securityc4po/api/project/ProjectControllerIntTest.kt b/security-c4po-api/src/test/kotlin/com/securityc4po/api/project/ProjectControllerIntTest.kt index 335a505..6928f27 100644 --- a/security-c4po-api/src/test/kotlin/com/securityc4po/api/project/ProjectControllerIntTest.kt +++ b/security-c4po-api/src/test/kotlin/com/securityc4po/api/project/ProjectControllerIntTest.kt 
@@ -5,38 +5,54 @@ import com.securityc4po.api.BaseIntTest import com.securityc4po.api.configuration.SIC_INNER_SHOULD_BE_STATIC import com.securityc4po.api.configuration.URF_UNREAD_FIELD import edu.umd.cs.findbugs.annotations.SuppressFBWarnings +import io.netty.handler.ssl.SslContextBuilder import org.junit.jupiter.api.BeforeEach import org.junit.jupiter.api.Nested import org.junit.jupiter.api.Test import org.springframework.beans.factory.annotation.Autowired import org.springframework.boot.web.server.LocalServerPort import org.springframework.cloud.contract.wiremock.AutoConfigureWireMock +import org.springframework.data.mongodb.core.MongoTemplate +import org.springframework.data.mongodb.core.query.Query +import org.springframework.test.context.TestPropertySource import org.springframework.test.web.reactive.server.WebTestClient +import org.springframework.util.ResourceUtils +import reactor.netty.http.client.HttpClient import java.time.Duration @AutoConfigureWireMock(port = 0) -@SuppressFBWarnings(SIC_INNER_SHOULD_BE_STATIC, URF_UNREAD_FIELD, "Unread field will become used after database implementation") +/*@TestPropertySource( + properties = [ + "keycloak.client.url=http://localhost:${'$'}{wiremock.server.port}" + ] +)*/ +@SuppressFBWarnings( + SIC_INNER_SHOULD_BE_STATIC, + URF_UNREAD_FIELD, + "Unread field will become used after database implementation" +) class ProjectControllerIntTest : BaseIntTest() { @LocalServerPort private var port = 0 + @Autowired + lateinit var mongoTemplate: MongoTemplate + private lateinit var webTestClient: WebTestClient @BeforeEach fun setupWebClient() { webTestClient = WebTestClient.bindToServer() - .baseUrl("http://localhost:$port") - .responseTimeout(Duration.ofMillis(10000)) - .build() + .baseUrl("http://localhost:$port") + .responseTimeout(Duration.ofMillis(10000)) + .build() } - /*@Autowired - lateinit var mongoTemplate: MongoTemplate*/ - @BeforeEach fun init() { cleanUp() + configureAdminToken() persistBasicTestScenario() } 
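Review bot: The hunk adds `SslContextBuilder`, `HttpClient`, `ResourceUtils` and `TestPropertySource` imports that nothing in the new code uses, plus a commented-out `@TestPropertySource` block, while the `@SuppressFBWarnings` justification `"Unread field will become used after database implementation"` is now stale because the database is exactly what this commit wires in (`mongoTemplate` is read in `cleanUp`). I would drop the dead imports and the commented block and either remove the `URF_UNREAD_FIELD` suppression or update its reason. `init()` calls `cleanUp()` and then `persistBasicTestScenario()`, which calls `cleanUp()` again, so one of the two calls is redundant.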
@@ -44,63 +60,67 @@ class ProjectControllerIntTest : BaseIntTest() { inner class GetProjects { @Test fun `requesting projects successfully`() { - /* Implement after the implementation of database */ - - /*webTestClient.get().uri("/v1/projects") - .header("") - .exchange() - .expectStatus().isOk - .expectHeader().doesNotExist("") - .expectBody().json(Json.write(getProjects()))*/ + webTestClient.get().uri("/v1/projects") + .header("Authorization", "Bearer $tokenAdmin") + .exchange() + .expectStatus().isOk + .expectHeader().valueEquals("Application-Name", "security-c4po-api") + .expectBody().json(Json.write(getProjects())) } val projectOne = Project( - id = "4f6567a8-76fd-487b-8602-f82d0ca4d1f9", - client = "E Corp", - title = "Some Mock API (v1.0) Scanning", - createdAt = "2021-01-10T18:05:00Z", - tester = "Novatester", - logo = "Insert'E_Corp.png'BASE64Encoded" + id = "4f6567a8-76fd-487b-8602-f82d0ca4d1f9", + client = "E Corp", + title = "Some Mock API (v1.0) Scanning", + createdAt = "2021-01-10T18:05:00Z", + tester = "Novatester", + logo = "Insert'E_Corp.png'BASE64Encoded" ) val projectTwo = Project( - id = "61360a47-796b-4b3f-abf9-c46c668596c5", - client = "Allsafe", - title = "CashMyData (iOS)", - createdAt = "2021-01-10T18:05:00Z", - tester = "Elliot", - logo = "Insert'Allsafe.png'BASE64Encoded" + id = "61360a47-796b-4b3f-abf9-c46c668596c5", + client = "Allsafe", + title = "CashMyData (iOS)", + createdAt = "2021-01-10T18:05:00Z", + tester = "Elliot", + logo = "Insert'Allsafe.png'BASE64Encoded" ) private fun getProjects() = listOf( - projectOne.toProjectResponseBody(), - projectTwo.toProjectResponseBody() + projectOne.toProjectResponseBody(), + projectTwo.toProjectResponseBody() ) } private fun cleanUp() { - /*mongoTemplate.findAllAndRemove(Query(), Project::class.java)*/ + mongoTemplate.findAllAndRemove(Query(), Project::class.java) + + tokenAdmin = "n/a" } private fun persistBasicTestScenario() { // setup test data val projectOne = Project( - id = 
"4f6567a8-76fd-487b-8602-f82d0ca4d1f9", - client = "E Corp", - title = "Some Mock API (v1.0) Scanning", - createdAt = "2021-01-10T18:05:00Z", - tester = "Novatester", - logo = "Insert'E_Corp.png'BASE64Encoded" + id = "4f6567a8-76fd-487b-8602-f82d0ca4d1f9", + client = "E Corp", + title = "Some Mock API (v1.0) Scanning", + createdAt = "2021-01-10T18:05:00Z", + tester = "Novatester", + logo = "Insert'E_Corp.png'BASE64Encoded" ) val projectTwo = Project( - id = "61360a47-796b-4b3f-abf9-c46c668596c5", - client = "Allsafe", - title = "CashMyData (iOS)", - createdAt = "2021-01-10T18:05:00Z", - tester = "Elliot", - logo = "Insert'Allsafe.png'BASE64Encoded" + id = "61360a47-796b-4b3f-abf9-c46c668596c5", + client = "Allsafe", + title = "CashMyData (iOS)", + createdAt = "2021-01-10T18:05:00Z", + tester = "Elliot", + logo = "Insert'Allsafe.png'BASE64Encoded" ) cleanUp() - /*mongoTemplate.save(ProjectEntity(projectOne)) - mongoTemplate.save(ProjectEntity(projectTwo))*/ + mongoTemplate.save(ProjectEntity(projectOne)) + mongoTemplate.save(ProjectEntity(projectTwo)) + } + + private fun configureAdminToken() { + tokenAdmin = getAccessToken("test_admin", "test", "c4po_local", "c4po_realm_local") } } \ No newline at end of file diff --git a/security-c4po-api/src/test/kotlin/com/securityc4po/api/project/ProjectServiceTest.kt b/security-c4po-api/src/test/kotlin/com/securityc4po/api/project/ProjectServiceTest.kt index a2ccded..cb78fa0 100644 --- a/security-c4po-api/src/test/kotlin/com/securityc4po/api/project/ProjectServiceTest.kt +++ b/security-c4po-api/src/test/kotlin/com/securityc4po/api/project/ProjectServiceTest.kt @@ -12,7 +12,9 @@ class ProjectServiceTest { private val log = mock() - private val cut = ProjectService().apply { + private val projectRepository = mock() + + private val cut = ProjectService(projectRepository).apply { this.logger = log } 
diff --git a/security-c4po-api/src/test/resources/create-keycloak-user.sh b/security-c4po-api/src/test/resources/create-keycloak-user.sh new file mode 100644 index 0000000..4ec0d95 --- /dev/null +++ b/security-c4po-api/src/test/resources/create-keycloak-user.sh @@ -0,0 +1,28 @@ +#!/usr/bin/env bash +cd keycloak/bin +sleep 20 +./kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user admin --password admin + +USERID=$(./kcadm.sh create users -r c4po_realm_local -s username=test_admin \ +-s email=Test.Admin@heros.com \ +-s firstName=test \ +-s lastName=admin \ +-s attributes.lang="de-DE" \ +-s attributes.datenumberformat="en-US" \ +-o --fields id | jq '.id' | tr -d '"') + +./kcadm.sh update users/$USERID/reset-password -r c4po_realm_test -s type=password -s value=test -s temporary=false -n +./kcadm.sh add-roles --uusername test_admin --rolename c4po_admin -r c4po_realm_test +./kcadm.sh add-roles -r c4po_realm_test --uusername test_admin --cclientid realm-management --rolename create-client --rolename view-users + +USERID=$(./kcadm.sh create users -r c4po_realm_local -s username=test_user \ +-s email=Test.User@heros.com \ +-s firstName=test \ +-s lastName=user \ +-s attributes.lang="de-DE" \ +-s attributes.datenumberformat="en-US" \ +-o --fields id | jq '.id' | tr -d '"') + +./kcadm.sh update users/$USERID/reset-password -r c4po_realm_test -s type=password -s value=test -s temporary=false -n +./kcadm.sh add-roles --uusername test_user --rolename c4po_user -r c4po_realm_test +./kcadm.sh add-roles -r c4po_realm_test --uusername test_user --cclientid realm-management --rolename create-client --rolename view-users \ No newline at end of file diff --git a/security-c4po-api/src/test/resources/insert-mongodb-user.js b/security-c4po-api/src/test/resources/insert-mongodb-user.js new file mode 100644 index 0000000..43baf99 --- /dev/null +++ b/security-c4po-api/src/test/resources/insert-mongodb-user.js 
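Review bot: The script creates both users in `c4po_realm_local` but then runs `reset-password` and every `add-roles` against `c4po_realm_test`, a realm the imported export does not define as far as this view shows (`realm-export.json` declares `c4po_realm_local`), so the password and role assignments fail — and with no `set -e` the failures are swallowed, surfacing only later as a 401 from the password grant. Use one variable for every `-r` argument (`REALM=c4po_realm_local`) and start the script with `set -euo pipefail`. The `sleep 20` readiness wait should give way to polling the admin endpoint or a Testcontainers wait strategy, and the `realm-management` client roles `create-client`/`view-users` granted to plain test users look wider than the API tests need; if a test depends on them, a comment should name it.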
@@ -0,0 +1,12 @@
+db.createUser(
+ {
+ user: "testuser",
+ pwd: "test",
+ roles: [
+ {
+ role: "readWrite",
+ db: "c4po"
+ }
+ ]
+ }
+);
\ No newline at end of file
diff --git a/security-c4po-api/src/test/resources/outdated_realm-export.json b/security-c4po-api/src/test/resources/outdated_realm-export.json
new file mode 100644
index 0000000..d321e8f
--- /dev/null
+++ b/security-c4po-api/src/test/resources/outdated_realm-export.json
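Review bot: `db.createUser` creates the user in whatever database the shell is connected to when the script runs, and this script never selects one, so `testuser`'s authentication database depends on how the file is mounted (for a `docker-entrypoint-initdb.d` script that is the init database, otherwise `test`) rather than on the `c4po` named in the role grant. Unless the application's connection string carries the matching `authSource`, authenticating as `testuser` fails even though the `readWrite` grant on `c4po` itself is right; the compose and properties files that decide this are outside this chunk, so I cannot confirm which case applies. Adding `db = db.getSiblingDB("c4po");` as the first line pins the authentication database to `c4po` regardless of the mount, and a short comment such as `// test-only credentials; must match the MongoDB settings in the compose/test properties` would tell the next reader where these values are consumed.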
@@ -0,0 +1,2230 @@ +{ + "id": "c4po_realm_local", + "realm": "c4po_realm_local", + "notBefore": 0, + "revokeRefreshToken": false, + "refreshTokenMaxReuse": 0, + "accessTokenLifespan": 300, + "accessTokenLifespanForImplicitFlow": 900, + "ssoSessionIdleTimeout": 1800, + "ssoSessionMaxLifespan": 36000, + "ssoSessionIdleTimeoutRememberMe": 0, + "ssoSessionMaxLifespanRememberMe": 0, + "offlineSessionIdleTimeout": 2592000, + "offlineSessionMaxLifespanEnabled": false, + "offlineSessionMaxLifespan": 5184000, + "accessCodeLifespan": 60, + "accessCodeLifespanUserAction": 300, + "accessCodeLifespanLogin": 1800, + "actionTokenGeneratedByAdminLifespan": 43200, + "actionTokenGeneratedByUserLifespan": 300, + "enabled": true, + "sslRequired": "external", + "registrationAllowed": false, + "registrationEmailAsUsername": false, + "rememberMe": false, + "verifyEmail": false, + "loginWithEmailAllowed": true, + "duplicateEmailsAllowed": false, + "resetPasswordAllowed": false, + "editUsernameAllowed": false, + "bruteForceProtected": false, + "permanentLockout": false, + "maxFailureWaitSeconds": 900, + "minimumQuickLoginWaitSeconds": 60, + "waitIncrementSeconds": 60, + "quickLoginCheckMilliSeconds": 1000, + "maxDeltaTimeSeconds": 43200, + "failureFactor": 30, + "roles": { + "realm": [ + { + "id": "ffe6c698-0281-404a-8f8b-16b8b489f76f", + "name": "offline_access", + "description": "${role_offline-access}", + "composite": false, + "clientRole": false, + "containerId": "c4po_realm_local", + "attributes": {} + }, + { + "id": "1cd0f230-beec-4e5e-9a59-8553da3ee74b", + "name": "USER", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "view-clients", + "manage-identity-providers", + "manage-users", + "manage-realm", + "query-realms", + "view-realm", + "query-users", + "query-groups", + "impersonation", + "view-authorization", + "manage-authorization", + "view-users", + "create-client", + "manage-events", + "view-events", + "manage-clients", + "realm-admin", + 
"view-identity-providers", + "query-clients" + ] + } + }, + "clientRole": false, + "containerId": "c4po_realm_local", + "attributes": {} + }, + { + "id": "e67c470f-5fe5-4e4b-a996-0ef8e6df7585", + "name": "PROJECTLEAD", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "view-clients", + "manage-identity-providers", + "manage-users", + "manage-realm", + "query-realms", + "view-realm", + "query-users", + "query-groups", + "impersonation", + "view-authorization", + "manage-authorization", + "view-users", + "create-client", + "manage-events", + "view-events", + "manage-clients", + "realm-admin", + "view-identity-providers", + "query-clients" + ] + } + }, + "clientRole": false, + "containerId": "c4po_realm_local", + "attributes": {} + }, + { + "id": "04320a32-4608-447a-98ab-422de17b1e97", + "name": "CUSTOMERADMIN", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "view-clients", + "manage-identity-providers", + "manage-users", + "manage-realm", + "query-realms", + "view-realm", + "query-users", + "query-groups", + "impersonation", + "view-authorization", + "manage-authorization", + "view-users", + "create-client", + "manage-events", + "view-events", + "manage-clients", + "realm-admin", + "view-identity-providers", + "query-clients" + ] + } + }, + "clientRole": false, + "containerId": "c4po_realm_local", + "attributes": {} + }, + { + "id": "62b91792-977d-448b-8163-8d7bc8cd7e8b", + "name": "OWNER", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "view-clients", + "manage-identity-providers", + "manage-users", + "manage-realm", + "query-realms", + "view-realm", + "query-users", + "query-groups", + "impersonation", + "view-authorization", + "manage-authorization", + "view-users", + "create-client", + "manage-events", + "view-events", + "manage-clients", + "realm-admin", + "view-identity-providers", + "query-clients" + ] + } + }, + "clientRole": false, + "containerId": 
"c4po_realm_local", + "attributes": {} + }, + { + "id": "f7584ecd-24e2-41ef-89bf-245671a31163", + "name": "uma_authorization", + "description": "${role_uma_authorization}", + "composite": false, + "clientRole": false, + "containerId": "c4po_realm_local", + "attributes": {} + }, + { + "id": "80382db6-cd7f-44e4-b3c3-4a59bbabdccc", + "name": "OBSERVER", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "view-clients", + "manage-identity-providers", + "manage-users", + "manage-realm", + "query-realms", + "view-realm", + "query-users", + "query-groups", + "impersonation", + "view-authorization", + "manage-authorization", + "view-users", + "create-client", + "manage-events", + "view-events", + "manage-clients", + "realm-admin", + "view-identity-providers", + "query-clients" + ] + } + }, + "clientRole": false, + "containerId": "c4po_realm_local", + "attributes": {} + }, + { + "id": "9681689b-afc8-4252-8339-5ed97eac19b5", + "name": "COMPANYADMIN", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "view-clients", + "manage-identity-providers", + "manage-users", + "manage-realm", + "query-realms", + "view-realm", + "query-users", + "query-groups", + "impersonation", + "view-authorization", + "manage-authorization", + "view-users", + "create-client", + "manage-events", + "view-events", + "manage-clients", + "realm-admin", + "view-identity-providers", + "query-clients" + ] + } + }, + "clientRole": false, + "containerId": "c4po_realm_local", + "attributes": {} + }, + { + "id": "7222919e-386a-4c70-a5d8-1b3d3bf06f57", + "name": "cuid:11c47c56-3bcd-45f1-a05b-c197dbd32111", + "composite": false, + "clientRole": false, + "containerId": "c4po_realm_local", + "attributes": {} + } + ], + "client": { + "useraccount-service": [ + { + "id": "7a7e2bee-36c1-4b59-9623-bbe4f81d069e", + "name": "CUSTOMERADMIN", + "composite": false, + "clientRole": true, + "containerId": "0dc2a195-7b23-4e58-bf81-3b6566e4c36c", + "attributes": {} + }, + 
{ + "id": "76591939-e3e2-4e35-b9c8-14a19f0ac50b", + "name": "uma_protection", + "composite": false, + "clientRole": true, + "containerId": "0dc2a195-7b23-4e58-bf81-3b6566e4c36c", + "attributes": {} + }, + { + "id": "b9fae233-7d6b-4a12-8951-5c20fba7e560", + "name": "OBSERVER", + "composite": false, + "clientRole": true, + "containerId": "0dc2a195-7b23-4e58-bf81-3b6566e4c36c", + "attributes": {} + }, + { + "id": "f5efb02b-c6ed-48fe-92bf-47cc8b1c783f", + "name": "USER", + "composite": false, + "clientRole": true, + "containerId": "0dc2a195-7b23-4e58-bf81-3b6566e4c36c", + "attributes": {} + }, + { + "id": "74ef1b12-b236-4dfb-a251-8f9c38fedab9", + "name": "PROJECTLEAD", + "composite": false, + "clientRole": true, + "containerId": "0dc2a195-7b23-4e58-bf81-3b6566e4c36c", + "attributes": {} + }, + { + "id": "9cae2c55-361b-4d34-b4aa-55d8877948ac", + "name": "cuid:11c47c56-3bcd-45f1-a05b-c197dbd32111", + "composite": false, + "clientRole": true, + "containerId": "0dc2a195-7b23-4e58-bf81-3b6566e4c36c", + "attributes": {} + }, + { + "id": "06be41f6-43d9-48aa-8e36-dad567e2eb7f", + "name": "COMPANYADMIN", + "description": "", + "composite": false, + "clientRole": true, + "containerId": "0dc2a195-7b23-4e58-bf81-3b6566e4c36c", + "attributes": {} + }, + { + "id": "00e583d6-dedd-43f8-b7cb-e2aefe313ac5", + "name": "OWNER", + "composite": false, + "clientRole": true, + "containerId": "0dc2a195-7b23-4e58-bf81-3b6566e4c36c", + "attributes": {} + }, + { + "id": "d65244ef-f2cc-4ca1-83cd-b80d2139cb87", + "name": "SENSORADMIN", + "composite": false, + "clientRole": true, + "containerId": "0dc2a195-7b23-4e58-bf81-3b6566e4c36c", + "attributes": {} + }, + { + "id": "fe51cb66-706f-42ea-aa95-2dc9a67b7bd9", + "name": "SENSORCLIENT", + "composite": false, + "clientRole": true, + "containerId": "0dc2a195-7b23-4e58-bf81-3b6566e4c36c", + "attributes": {} + } + ], + "realm-management": [ + { + "id": "e3ee3ecd-c0f0-4f21-8ed9-26f188182873", + "name": "view-clients", + "description": 
"${role_view-clients}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-clients" + ] + } + }, + "clientRole": true, + "containerId": "1f6ed582-3900-4f1d-8f5e-7e43ec70d721", + "attributes": {} + }, + { + "id": "d9b446db-f795-4e96-a7ec-a4fd5efe6fbc", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "1f6ed582-3900-4f1d-8f5e-7e43ec70d721", + "attributes": {} + }, + { + "id": "61e592ba-4f37-4f7a-83d1-9b61dd870f74", + "name": "manage-realm", + "description": "${role_manage-realm}", + "composite": false, + "clientRole": true, + "containerId": "1f6ed582-3900-4f1d-8f5e-7e43ec70d721", + "attributes": {} + }, + { + "id": "407b4eee-745d-4f84-a278-18cdc99e9bc7", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": false, + "clientRole": true, + "containerId": "1f6ed582-3900-4f1d-8f5e-7e43ec70d721", + "attributes": {} + }, + { + "id": "ead18270-d63c-4634-853d-9da14a060c08", + "name": "query-realms", + "description": "${role_query-realms}", + "composite": false, + "clientRole": true, + "containerId": "1f6ed582-3900-4f1d-8f5e-7e43ec70d721", + "attributes": {} + }, + { + "id": "3d8b1ae3-06b3-4699-bdb4-c18a81f1deca", + "name": "view-realm", + "description": "${role_view-realm}", + "composite": false, + "clientRole": true, + "containerId": "1f6ed582-3900-4f1d-8f5e-7e43ec70d721", + "attributes": {} + }, + { + "id": "04416ae9-7437-4107-b958-802fdc8909f5", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, + "clientRole": true, + "containerId": "1f6ed582-3900-4f1d-8f5e-7e43ec70d721", + "attributes": {} + }, + { + "id": "a33907aa-eae0-4154-85d7-6acda98bbe79", + "name": "query-groups", + "description": "${role_query-groups}", + "composite": false, + "clientRole": true, + "containerId": "1f6ed582-3900-4f1d-8f5e-7e43ec70d721", + "attributes": {} + }, + { + "id": 
"ddfe71ae-8181-4cd8-9fdd-2b8f2c524101", + "name": "impersonation", + "description": "${role_impersonation}", + "composite": false, + "clientRole": true, + "containerId": "1f6ed582-3900-4f1d-8f5e-7e43ec70d721", + "attributes": {} + }, + { + "id": "2d7fb697-7c73-4854-87f2-c84974b2f73a", + "name": "view-authorization", + "description": "${role_view-authorization}", + "composite": false, + "clientRole": true, + "containerId": "1f6ed582-3900-4f1d-8f5e-7e43ec70d721", + "attributes": {} + }, + { + "id": "e927482a-dd4b-475a-b4f9-b7224a8fbac1", + "name": "create-client", + "description": "${role_create-client}", + "composite": false, + "clientRole": true, + "containerId": "1f6ed582-3900-4f1d-8f5e-7e43ec70d721", + "attributes": {} + }, + { + "id": "5c8d303a-853d-4c2d-abac-77056f424a5f", + "name": "view-users", + "description": "${role_view-users}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-users", + "query-groups" + ] + } + }, + "clientRole": true, + "containerId": "1f6ed582-3900-4f1d-8f5e-7e43ec70d721", + "attributes": {} + }, + { + "id": "00ab84fb-a0b0-4ef4-8b43-e09f5da7e350", + "name": "manage-authorization", + "description": "${role_manage-authorization}", + "composite": false, + "clientRole": true, + "containerId": "1f6ed582-3900-4f1d-8f5e-7e43ec70d721", + "attributes": {} + }, + { + "id": "bf58f8f7-e097-4dec-96cd-aab047c80c99", + "name": "manage-events", + "description": "${role_manage-events}", + "composite": false, + "clientRole": true, + "containerId": "1f6ed582-3900-4f1d-8f5e-7e43ec70d721", + "attributes": {} + }, + { + "id": "50e67c01-1b81-45c9-bda1-93205f61a4e1", + "name": "view-events", + "description": "${role_view-events}", + "composite": false, + "clientRole": true, + "containerId": "1f6ed582-3900-4f1d-8f5e-7e43ec70d721", + "attributes": {} + }, + { + "id": "f50a4f70-3ca9-48b4-a567-3f838d93bc4a", + "name": "manage-clients", + "description": "${role_manage-clients}", + "composite": false, + "clientRole": true, + 
"containerId": "1f6ed582-3900-4f1d-8f5e-7e43ec70d721", + "attributes": {} + }, + { + "id": "e159661b-c630-4279-a7fd-da46d2aaa734", + "name": "realm-admin", + "description": "${role_realm-admin}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "view-clients", + "manage-identity-providers", + "manage-users", + "manage-realm", + "query-realms", + "view-realm", + "query-users", + "query-groups", + "impersonation", + "view-authorization", + "manage-authorization", + "view-users", + "create-client", + "manage-events", + "view-events", + "manage-clients", + "view-identity-providers", + "query-clients" + ] + } + }, + "clientRole": true, + "containerId": "1f6ed582-3900-4f1d-8f5e-7e43ec70d721", + "attributes": {} + }, + { + "id": "912fb2b9-5db4-473f-820b-5048cc85e8db", + "name": "view-identity-providers", + "description": "${role_view-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "1f6ed582-3900-4f1d-8f5e-7e43ec70d721", + "attributes": {} + }, + { + "id": "4672a0f6-0522-40cc-b560-68f060f6d877", + "name": "query-clients", + "description": "${role_query-clients}", + "composite": false, + "clientRole": true, + "containerId": "1f6ed582-3900-4f1d-8f5e-7e43ec70d721", + "attributes": {} + } + ], + "security-admin-console": [], + "admin-cli": [], + "broker": [ + { + "id": "6aadda6f-299f-41e4-9954-009cee812cf8", + "name": "read-token", + "description": "${role_read-token}", + "composite": false, + "clientRole": true, + "containerId": "934c22be-97c3-44b3-a5c0-2f1bdc93e540", + "attributes": {} + } + ], + "account": [ + { + "id": "b2a111c4-4574-4f09-92ea-bccf7fe7400f", + "name": "view-profile", + "description": "${role_view-profile}", + "composite": false, + "clientRole": true, + "containerId": "5f58a3c9-fb96-4565-aa97-24001d045829", + "attributes": {} + }, + { + "id": "d441f7b3-d8a8-4644-bde4-e99938520c51", + "name": "manage-account", + "description": "${role_manage-account}", + "composite": true, + "composites": { + 
"client": { + "account": [ + "manage-account-links" + ] + } + }, + "clientRole": true, + "containerId": "5f58a3c9-fb96-4565-aa97-24001d045829", + "attributes": {} + }, + { + "id": "68d365a0-df3f-4f12-ba1a-739acceec1e0", + "name": "manage-account-links", + "description": "${role_manage-account-links}", + "composite": false, + "clientRole": true, + "containerId": "5f58a3c9-fb96-4565-aa97-24001d045829", + "attributes": {} + } + ] + } + }, + "groups": [], + "defaultRoles": [ + "uma_authorization", + "offline_access" + ], + "requiredCredentials": [ + "password" + ], + "otpPolicyType": "totp", + "otpPolicyAlgorithm": "HmacSHA1", + "otpPolicyInitialCounter": 0, + "otpPolicyDigits": 6, + "otpPolicyLookAheadWindow": 1, + "otpPolicyPeriod": 30, + "otpSupportedApplications": [ + "FreeOTP", + "Google Authenticator" + ], + "scopeMappings": [ + { + "client": "useraccount-service", + "roles": [ + "COMPANYADMIN", + "OWNER", + "cuid:11c47c56-3bcd-45f1-a05b-c197dbd32111", + "OBSERVER", + "CUSTOMERADMIN", + "PROJECTLEAD", + "USER", + "SENSORADMIN", + "SENSORCLIENT" + ] + }, + { + "clientScope": "offline_access", + "roles": [ + "offline_access" + ] + } + ], + "clientScopeMappings": { + "realm-management": [ + { + "client": "useraccount-service", + "roles": [ + "view-identity-providers", + "view-realm", + "manage-identity-providers", + "impersonation", + "realm-admin", + "create-client", + "manage-users", + "query-realms", + "view-authorization", + "query-clients", + "query-users", + "manage-events", + "manage-realm", + "view-events", + "view-users", + "view-clients", + "manage-authorization", + "manage-clients", + "query-groups" + ] + } + ], + "account": [ + { + "client": "useraccount-service", + "roles": [ + "view-profile" + ] + } + ] + }, + "clients": [ + { + "id": "0dc2a195-7b23-4e58-bf81-3b6566e4c36c", + "clientId": "useraccount-service", + "surrogateAuthRequired": false, + "enabled": true, + "clientAuthenticatorType": "client-secret", + "secret": "secret", + "redirectUris": [ + 
"http://awstslx070:4200/*", + "http://localhost:4200/*", + "http://awstslx071:4200/*" + ], + "webOrigins": [ + "*" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": true, + "authorizationServicesEnabled": true, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "saml.assertion.signature": "false", + "saml.force.post.binding": "false", + "saml.multivalued.roles": "false", + "saml.encrypt": "false", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "exclude.session.state.from.auth.response": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "tls.client.certificate.bound.access.tokens": "false", + "saml.authnstatement": "false", + "display.on.consent.screen": "false", + "saml.onetimeuse.condition": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "e467088f-3ad5-439e-a507-6213ec96dc7e", + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" + } + }, + { + "id": "f593e14f-701b-4318-9c45-06b46596df9b", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientId", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientId", + "jsonType.label": "String" + } + }, + { + "id": 
"fb2f5eff-a705-4069-8578-57419ed6ea79", + "name": "Cognito Groups", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "multivalued": "true", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "cognito:groups", + "jsonType.label": "String" + } + }, + { + "id": "73eaf490-b6d8-4f6b-a9a0-1823c95c129d", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "role_list", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ], + "authorizationSettings": { + "allowRemoteResourceManagement": true, + "policyEnforcementMode": "ENFORCING", + "resources": [ + { + "name": "Default Resource", + "type": "urn:useraccount-service:resources:default", + "ownerManagedAccess": false, + "attributes": {}, + "_id": "b6b38f1d-9b2f-45b4-903b-75e4caa04822", + "uris": [ + "/*" + ] + } + ], + "policies": [ + { + "id": "028c93ef-a91a-4cb4-9658-e9df81a2c7d1", + "name": "Default Policy", + "description": "A policy that grants access only for users within this realm", + "type": "js", + "logic": "POSITIVE", + "decisionStrategy": "AFFIRMATIVE", + "config": { + "code": "// by default, grants any permission associated with this policy\n$evaluation.grant();\n" + } + }, + { + "id": "b10ccbd7-080f-46d8-b064-1082bcbc8025", + "name": "Default Permission", + "description": "A permission that applies to the default resource type", + "type": "resource", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", + "config": { + "defaultResourceType": 
"urn:useraccount-service:resources:default", + "applyPolicies": "[\"Default Policy\"]" + } + } + ], + "scopes": [] + } + }, + { + "id": "20111584-1444-43f4-a8bb-824139f991ea", + "clientId": "security-admin-console", + "name": "${client_security-admin-console}", + "baseUrl": "/auth/admin/c4po_realm_local/console/index.html", + "surrogateAuthRequired": false, + "enabled": true, + "clientAuthenticatorType": "client-secret", + "secret": "secret", + "redirectUris": [ + "/auth/admin/c4po_realm_local/console/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "4d4a3b4a-866a-48fd-9ed7-cf86eed3ec93", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "role_list", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "15a976bb-49f0-4abc-a2f4-54694144aa42", + "clientId": "admin-cli", + "name": "${client_admin-cli}", + "surrogateAuthRequired": false, + "enabled": true, + "clientAuthenticatorType": "client-secret", + "secret": "secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + 
"directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "role_list", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "5f58a3c9-fb96-4565-aa97-24001d045829", + "clientId": "account", + "name": "${client_account}", + "baseUrl": "/auth/realms/c4po_realm_local/account", + "surrogateAuthRequired": false, + "enabled": true, + "clientAuthenticatorType": "client-secret", + "secret": "secret", + "defaultRoles": [ + "view-profile", + "manage-account" + ], + "redirectUris": [ + "/auth/realms/c4po_realm_local/account/*" + ], + "webOrigins": [ + "*" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "saml.assertion.signature": "false", + "saml.force.post.binding": "false", + "saml.multivalued.roles": "false", + "saml.encrypt": "false", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "exclude.session.state.from.auth.response": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "tls.client.certificate.bound.access.tokens": "false", + "saml.authnstatement": "false", + "display.on.consent.screen": "false", + "saml.onetimeuse.condition": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "role_list", + "profile", + "roles", + "email" + ], + "optionalClientScopes": 
[ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "1f6ed582-3900-4f1d-8f5e-7e43ec70d721", + "clientId": "realm-management", + "name": "${client_realm-management}", + "surrogateAuthRequired": false, + "enabled": true, + "clientAuthenticatorType": "client-secret", + "secret": "secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "role_list", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "934c22be-97c3-44b3-a5c0-2f1bdc93e540", + "clientId": "broker", + "name": "${client_broker}", + "surrogateAuthRequired": false, + "enabled": true, + "clientAuthenticatorType": "client-secret", + "secret": "secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "role_list", + "profile", + "roles", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + } + ], + "clientScopes": [ + { + "id": "47257d76-9d63-49f5-a902-34df495a43a4", + "name": "address", + "description": "OpenID 
Connect built-in scope: address", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${addressScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "66fb76f1-0cde-4791-9957-163fd18cb034", + "name": "address", + "protocol": "openid-connect", + "protocolMapper": "oidc-address-mapper", + "consentRequired": false, + "config": { + "user.attribute.formatted": "formatted", + "user.attribute.country": "country", + "user.attribute.postal_code": "postal_code", + "userinfo.token.claim": "true", + "user.attribute.street": "street", + "id.token.claim": "true", + "user.attribute.region": "region", + "access.token.claim": "true", + "user.attribute.locality": "locality" + } + } + ] + }, + { + "id": "075e5aee-2465-42a0-a653-b4d5273e273d", + "name": "email", + "description": "OpenID Connect built-in scope: email", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${emailScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "ef81e559-91a4-461c-871a-30848376ccb1", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + }, + { + "id": "78100256-46c2-4fd9-94d5-b552d7baa837", + "name": "email verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "emailVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email_verified", + "jsonType.label": "boolean" + } + } + ] + }, + { + "id": "b5ebe782-a5bf-4cc6-8606-2ffe41c609af", + "name": 
"microprofile-jwt", + "description": "Microprofile - JWT built-in scope", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "33aeb362-e0a7-47ed-8f30-e257d262f2c7", + "name": "groups", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "multivalued": "true", + "userinfo.token.claim": "true", + "user.attribute": "foo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "groups", + "jsonType.label": "String" + } + }, + { + "id": "6e3f86f8-6f52-4d0d-bcd6-62cd2b48217c", + "name": "upn", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "upn", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "df76f14a-1373-4866-b859-4ec4474150bf", + "name": "offline_access", + "description": "OpenID Connect built-in scope: offline_access", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${offlineAccessScopeConsentText}", + "display.on.consent.screen": "true" + } + }, + { + "id": "ac5cf00b-0079-4bd0-8e3a-bf228ee622e5", + "name": "phone", + "description": "OpenID Connect built-in scope: phone", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${phoneScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "c167feb2-2750-4916-9a3a-7a8b5bf8be20", + "name": "phone number", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "phoneNumber", + "id.token.claim": "true", + "access.token.claim": 
"true", + "claim.name": "phone_number", + "jsonType.label": "String" + } + }, + { + "id": "e2f48d7b-be91-480c-a23b-77eb40b887bc", + "name": "phone number verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "phoneNumberVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number_verified", + "jsonType.label": "boolean" + } + } + ] + }, + { + "id": "345ab109-6915-4487-b22b-625c3d416897", + "name": "profile", + "description": "OpenID Connect built-in scope: profile", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${profileScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "1f743089-4d5c-48a3-91d0-db1ef3c12a14", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": "3de9048d-cc21-4c70-989f-d926d89b0766", + "name": "website", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "website", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "website", + "jsonType.label": "String" + } + }, + { + "id": "6988c27c-baf5-476d-b268-64175380ff15", + "name": "middle name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "middleName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "middle_name", + "jsonType.label": "String" + } + }, + { + "id": 
"cd8fce4a-c143-4093-bf04-a0a208f96ad8", + "name": "gender", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "gender", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "gender", + "jsonType.label": "String" + } + }, + { + "id": "774bb1ac-94dc-4024-869f-7ac3c74a3049", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "4fd53d8d-abf9-4cc7-accd-54d1fc836dfb", + "name": "picture", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "picture", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "picture", + "jsonType.label": "String" + } + }, + { + "id": "ec02c8fd-945e-4ca9-a4f4-063860c4c005", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + }, + { + "id": "282efa0d-e0b6-4eda-a16e-f46f9f2258dc", + "name": "zoneinfo", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "zoneinfo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "zoneinfo", + "jsonType.label": "String" + } + }, + { + "id": 
"03f06be8-0e88-479b-9c94-99221d84c2e9", + "name": "nickname", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "nickname", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "nickname", + "jsonType.label": "String" + } + }, + { + "id": "35423b7e-f94b-4ebc-a98a-7929cfc1ffc7", + "name": "updated at", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "updatedAt", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "updated_at", + "jsonType.label": "String" + } + }, + { + "id": "8a711ca2-9cc4-4f0d-9e68-e2fc8a584eca", + "name": "profile", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "profile", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "profile", + "jsonType.label": "String" + } + }, + { + "id": "3b1a7f22-88b0-4c50-aff7-b3e944d9c863", + "name": "birthdate", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "birthdate", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "birthdate", + "jsonType.label": "String" + } + }, + { + "id": "20ea37d6-3f1b-4744-a273-2894a8e5194b", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "id": 
"325e7a38-d5c3-4494-bda0-bd26b77e97f4", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "ca8687eb-111b-4004-84c8-3983b1e4c8f7", + "name": "role_list", + "description": "SAML role list", + "protocol": "saml", + "attributes": { + "consent.screen.text": "${samlRoleListScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "86dcf3ff-37bd-4e59-a873-8c48a84f3768", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + } + ] + }, + { + "id": "3b49b3b4-bebc-446c-b5b5-181e5bf25f5a", + "name": "roles", + "description": "OpenID Connect scope for add user roles to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "true", + "consent.screen.text": "${rolesScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "290b8e1f-ab02-4c15-ad33-208d43b25f22", + "name": "realm roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "realm_access.roles", + "jsonType.label": "String", + "multivalued": "true" + } + }, + { + "id": "d4161ff3-251b-4812-bbd2-47ecec67f2f0", + "name": "client roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": 
"resource_access.${client_id}.roles", + "jsonType.label": "String", + "multivalued": "true" + } + }, + { + "id": "03d5aaf1-d43b-4739-97ec-9906e034d09e", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + } + ] + }, + { + "id": "5f39e087-9178-404d-be5a-81034370de82", + "name": "web-origins", + "description": "OpenID Connect scope for add allowed web origins to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false", + "consent.screen.text": "" + }, + "protocolMappers": [ + { + "id": "7a931e44-5929-4b71-b40d-5bf96c7ee1f0", + "name": "allowed web origins", + "protocol": "openid-connect", + "protocolMapper": "oidc-allowed-origins-mapper", + "consentRequired": false, + "config": {} + } + ] + } + ], + "defaultDefaultClientScopes": [ + "email", + "profile", + "roles", + "web-origins", + "role_list" + ], + "defaultOptionalClientScopes": [ + "address", + "phone", + "microprofile-jwt", + "offline_access" + ], + "browserSecurityHeaders": { + "contentSecurityPolicyReportOnly": "", + "xContentTypeOptions": "nosniff", + "xRobotsTag": "none", + "xFrameOptions": "SAMEORIGIN", + "xXSSProtection": "1; mode=block", + "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "strictTransportSecurity": "max-age=31536000; includeSubDomains" + }, + "smtpServer": {}, + "eventsEnabled": false, + "eventsListeners": [ + "jboss-logging" + ], + "enabledEventTypes": [], + "adminEventsEnabled": false, + "adminEventsDetailsEnabled": false, + "components": { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ + { + "id": "eab6b4c5-33c3-4a40-8fa9-9d98ce0992c2", + "name": "Max Clients Limit", + "providerId": "max-clients", + "subType": "anonymous", + "subComponents": {}, + "config": { + "max-clients": [ + "200" + ] + } + }, + { + "id": 
"f6203bd5-ba45-45df-bf45-741e0e2202f5", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "f7d196b9-3d1a-48af-82bc-8c3409209838", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-usermodel-property-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-full-name-mapper", + "saml-role-list-mapper", + "saml-user-property-mapper", + "oidc-sha256-pairwise-sub-mapper", + "oidc-address-mapper", + "saml-user-attribute-mapper" + ] + } + }, + { + "id": "90993401-7ea6-4213-8a53-d49ed7bebea0", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-full-name-mapper", + "oidc-usermodel-property-mapper", + "saml-role-list-mapper", + "saml-user-attribute-mapper", + "saml-user-property-mapper", + "oidc-address-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper" + ] + } + }, + { + "id": "9ee10d51-fb23-4781-abd8-aed83ccbee4e", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "adad855f-8eb4-452b-9c01-f3df1d06dec2", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "9f64e8b7-b375-43a9-948b-49155901b906", + "name": "Trusted Hosts", + "providerId": "trusted-hosts", + "subType": "anonymous", + "subComponents": {}, + "config": { + "host-sending-registration-request-must-match": [ + "true" + ], + "client-uris-must-match": [ + "true" + ] + } + }, + { + "id": 
"5926dcbc-4191-4f1c-8c48-0414d0e4e959", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + } + ], + "org.keycloak.keys.KeyProvider": [ + { + "id": "5228af06-9a4a-4c1c-aafc-36b1e554ee61", + "name": "hmac-generated", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ], + "algorithm": [ + "HS256" + ] + } + }, + { + "id": "e2223ecb-b36c-4e5d-ad0b-0e0f94aa5242", + "name": "rsa-generated", + "providerId": "rsa-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } + }, + { + "id": "b37b8cac-96e4-4c1c-a9c5-1d44b9447412", + "name": "aes-generated", + "providerId": "aes-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } + } + ] + }, + "internationalizationEnabled": false, + "supportedLocales": [], + "authenticationFlows": [ + { + "id": "04667e23-0791-4598-9e81-71dad2f8850e", + "alias": "Handle Existing Account", + "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-confirm-link", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "idp-email-verification", + "requirement": "ALTERNATIVE", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "requirement": "ALTERNATIVE", + "priority": 30, + "flowAlias": "Verify Existing Account by Re-authentication", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "d12d870d-a9c8-447d-9b2a-8513daaa1ff4", + "alias": "Verify Existing Account by Re-authentication", + "description": "Reauthentication of existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ 
+ { + "authenticator": "idp-username-password-form", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "auth-otp-form", + "requirement": "OPTIONAL", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "a9d235f0-562f-44d8-8034-374b427375a4", + "alias": "browser", + "description": "browser based authentication", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-cookie", + "requirement": "ALTERNATIVE", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "auth-spnego", + "requirement": "DISABLED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "identity-provider-redirector", + "requirement": "ALTERNATIVE", + "priority": 25, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "requirement": "ALTERNATIVE", + "priority": 30, + "flowAlias": "forms", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "0eb4370f-846b-4938-99a3-e41daf4b8f99", + "alias": "clients", + "description": "Base authentication for clients", + "providerId": "client-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "client-secret", + "requirement": "ALTERNATIVE", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "client-jwt", + "requirement": "ALTERNATIVE", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "client-secret-jwt", + "requirement": "ALTERNATIVE", + "priority": 30, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "client-x509", + "requirement": "ALTERNATIVE", + "priority": 40, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + 
{ + "id": "6aa71b0a-0fbc-478f-9e70-3438a363d17d", + "alias": "direct grant", + "description": "OpenID Connect Resource Owner Grant", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "direct-grant-validate-username", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "direct-grant-validate-password", + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "direct-grant-validate-otp", + "requirement": "OPTIONAL", + "priority": 30, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "9d882641-2247-4c39-bcdc-b6a731fb9d23", + "alias": "docker auth", + "description": "Used by Docker clients to authenticate against the IDP", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "docker-http-basic-authenticator", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "e4f1f2c7-4171-4b8b-8759-279bbf1be477", + "alias": "first broker login", + "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "review profile config", + "authenticator": "idp-review-profile", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticatorConfig": "create unique user config", + "authenticator": "idp-create-user-if-unique", + "requirement": "ALTERNATIVE", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "requirement": "ALTERNATIVE", + "priority": 30, + "flowAlias": "Handle Existing 
Account", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "e00fbb15-36a1-483e-87ce-4b209b61ecfc", + "alias": "forms", + "description": "Username, password, otp and other auth forms.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-username-password-form", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "auth-otp-form", + "requirement": "OPTIONAL", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "042387a5-bc8c-4dd7-9b87-9ff1f4e0ca1e", + "alias": "http challenge", + "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "no-cookie-redirect", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "basic-auth", + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "basic-auth-otp", + "requirement": "DISABLED", + "priority": 30, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "auth-spnego", + "requirement": "DISABLED", + "priority": 40, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "1c00ba91-5e86-4037-bd34-cea2aca0871b", + "alias": "registration", + "description": "registration flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-page-form", + "requirement": "REQUIRED", + "priority": 10, + "flowAlias": "registration form", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "51aaecfb-6135-4e8c-a154-98454e51b3f1", + 
"alias": "registration form", + "description": "registration form", + "providerId": "form-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-user-creation", + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "registration-profile-action", + "requirement": "REQUIRED", + "priority": 40, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "registration-password-action", + "requirement": "REQUIRED", + "priority": 50, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "registration-recaptcha-action", + "requirement": "DISABLED", + "priority": 60, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "f1d62ae4-4a19-4f58-9301-dc014c064439", + "alias": "reset credentials", + "description": "Reset credentials for a user if they forgot their password or something", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "reset-credentials-choose-user", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "reset-credential-email", + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "reset-password", + "requirement": "REQUIRED", + "priority": 30, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "reset-otp", + "requirement": "OPTIONAL", + "priority": 40, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "e4405727-0f00-4b39-87b8-002d91b67579", + "alias": "saml ecp", + "description": "SAML ECP Profile Authentication Flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": 
"http-basic-authenticator", + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + } + ], + "authenticatorConfig": [ + { + "id": "bca740b1-4261-45b4-a91b-ef679c92a79d", + "alias": "create unique user config", + "config": { + "require.password.update.after.registration": "false" + } + }, + { + "id": "dd6821e3-694a-4e46-b284-1664ba568ade", + "alias": "review profile config", + "config": { + "update.profile.on.first.login": "missing" + } + } + ], + "requiredActions": [ + { + "alias": "CONFIGURE_TOTP", + "name": "Configure OTP", + "providerId": "CONFIGURE_TOTP", + "enabled": true, + "defaultAction": false, + "priority": 10, + "config": {} + }, + { + "alias": "terms_and_conditions", + "name": "Terms and Conditions", + "providerId": "terms_and_conditions", + "enabled": false, + "defaultAction": false, + "priority": 20, + "config": {} + }, + { + "alias": "UPDATE_PASSWORD", + "name": "Update Password", + "providerId": "UPDATE_PASSWORD", + "enabled": true, + "defaultAction": false, + "priority": 30, + "config": {} + }, + { + "alias": "UPDATE_PROFILE", + "name": "Update Profile", + "providerId": "UPDATE_PROFILE", + "enabled": true, + "defaultAction": false, + "priority": 40, + "config": {} + }, + { + "alias": "VERIFY_EMAIL", + "name": "Verify Email", + "providerId": "VERIFY_EMAIL", + "enabled": true, + "defaultAction": false, + "priority": 50, + "config": {} + } + ], + "browserFlow": "browser", + "registrationFlow": "registration", + "directGrantFlow": "direct grant", + "resetCredentialsFlow": "reset credentials", + "clientAuthenticationFlow": "clients", + "dockerAuthenticationFlow": "docker auth", + "attributes": { + "_browser_header.xXSSProtection": "1; mode=block", + "_browser_header.xFrameOptions": "SAMEORIGIN", + "_browser_header.strictTransportSecurity": "max-age=31536000; includeSubDomains", + "permanentLockout": "false", + "quickLoginCheckMilliSeconds": "1000", + "_browser_header.xRobotsTag": "none", + 
"maxFailureWaitSeconds": "900",
+ "minimumQuickLoginWaitSeconds": "60",
+ "failureFactor": "30",
+ "actionTokenGeneratedByUserLifespan": "300",
+ "maxDeltaTimeSeconds": "43200",
+ "_browser_header.xContentTypeOptions": "nosniff",
+ "offlineSessionMaxLifespan": "5184000",
+ "actionTokenGeneratedByAdminLifespan": "43200",
+ "_browser_header.contentSecurityPolicyReportOnly": "",
+ "bruteForceProtected": "false",
+ "_browser_header.contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
+ "waitIncrementSeconds": "60",
+ "offlineSessionMaxLifespanEnabled": "false"
+ },
+ "keycloakVersion": "6.0.1",
+ "userManagedAccessAllowed": false
+}
\ No newline at end of file
diff --git a/security-c4po-api/src/test/resources/realm-export.json b/security-c4po-api/src/test/resources/realm-export.json
new file mode 100644
index 0000000..63addac
--- /dev/null
+++ b/security-c4po-api/src/test/resources/realm-export.json
@@ -0,0 +1,1813 @@
+{
+ "id" : "c4po_realm_local",
+ "realm" : "c4po_realm_local",
+ "displayName" : "C4PO",
+ "displayNameHtml" : "
C4PO
", + "notBefore" : 0, + "revokeRefreshToken" : false, + "refreshTokenMaxReuse" : 0, + "accessTokenLifespan" : 300, + "accessTokenLifespanForImplicitFlow" : 900, + "ssoSessionIdleTimeout" : 1800, + "ssoSessionMaxLifespan" : 36000, + "ssoSessionIdleTimeoutRememberMe" : 0, + "ssoSessionMaxLifespanRememberMe" : 0, + "offlineSessionIdleTimeout" : 2592000, + "offlineSessionMaxLifespanEnabled" : false, + "offlineSessionMaxLifespan" : 5184000, + "clientSessionIdleTimeout" : 0, + "clientSessionMaxLifespan" : 0, + "clientOfflineSessionIdleTimeout" : 0, + "clientOfflineSessionMaxLifespan" : 0, + "accessCodeLifespan" : 60, + "accessCodeLifespanUserAction" : 300, + "accessCodeLifespanLogin" : 1800, + "actionTokenGeneratedByAdminLifespan" : 43200, + "actionTokenGeneratedByUserLifespan" : 300, + "enabled" : true, + "sslRequired" : "external", + "registrationAllowed" : false, + "registrationEmailAsUsername" : false, + "rememberMe" : false, + "verifyEmail" : false, + "loginWithEmailAllowed" : true, + "duplicateEmailsAllowed" : false, + "resetPasswordAllowed" : false, + "editUsernameAllowed" : false, + "bruteForceProtected" : false, + "permanentLockout" : false, + "maxFailureWaitSeconds" : 900, + "minimumQuickLoginWaitSeconds" : 60, + "waitIncrementSeconds" : 60, + "quickLoginCheckMilliSeconds" : 1000, + "maxDeltaTimeSeconds" : 43200, + "failureFactor" : 30, + "roles" : { + "realm" : [ { + "id" : "2faaa7e1-01d0-480d-b397-66155bf8a950", + "name" : "uma_authorization", + "description" : "${role_uma_authorization}", + "composite" : false, + "clientRole" : false, + "containerId" : "c4po_realm_local", + "attributes" : { } + }, { + "id" : "1fabc468-65bf-4651-8436-7d8d6a3a79e7", + "name" : "c4po_user", + "description" : "This is a normal c4po User role", + "composite" : true, + "composites" : { + "realm" : [ "offline_access", "uma_authorization" ] + }, + "clientRole" : false, + "containerId" : "c4po_realm_local", + "attributes" : { } + }, { + "id" : "9b6774c4-335d-44fb-82ba-d6e18dde814d", 
+ "name" : "offline_access", + "description" : "${role_offline-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "c4po_realm_local", + "attributes" : { } + }, { + "id" : "3dc67a08-dc0a-4bb1-8808-b49bbf4611b0", + "name" : "c4po_admin", + "description" : "This is an c4po admin role", + "composite" : true, + "composites" : { + "realm" : [ "c4po_user", "offline_access", "uma_authorization" ] + }, + "clientRole" : false, + "containerId" : "c4po_realm_local", + "attributes" : { } + } ], + "client" : { + "realm-management" : [ { + "id" : "72960cc0-cb99-4759-b342-7096bcd3c92a", + "name" : "create-client", + "description" : "${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", + "attributes" : { } + }, { + "id" : "c90d908c-7e17-4ada-9f3b-aa623e449ef1", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", + "attributes" : { } + }, { + "id" : "dc9e7c69-4ed1-403d-ac42-55c507f3be40", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", + "attributes" : { } + }, { + "id" : "3e152bff-b1b3-491e-8b41-5824f417357e", + "name" : "query-groups", + "description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", + "attributes" : { } + }, { + "id" : "82f7b76d-b528-4fd5-aa9f-d89f1df9e1e1", + "name" : "impersonation", + "description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", + "attributes" : { } + }, { + "id" : "fa7c22da-a9ef-4895-ae56-57403f279631", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + 
"containerId" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", + "attributes" : { } + }, { + "id" : "d0610310-b6e1-46cc-90e3-64a9948f1e1d", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-clients" ] + } + }, + "clientRole" : true, + "containerId" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", + "attributes" : { } + }, { + "id" : "c8fb89bc-00a8-4d6b-bb5c-d13cba12840d", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", + "attributes" : { } + }, { + "id" : "84338fd5-5a70-4c6a-b580-adb7416cb8b6", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", + "attributes" : { } + }, { + "id" : "f36d5b71-6f9e-433e-a549-5f8dab3fa39d", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : false, + "clientRole" : true, + "containerId" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", + "attributes" : { } + }, { + "id" : "d10b3abb-4120-4d28-a3a5-2bc2600502a6", + "name" : "view-realm", + "description" : "${role_view-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", + "attributes" : { } + }, { + "id" : "96a21ada-31a8-4d6a-9e26-f7551ca6ec3b", + "name" : "query-clients", + "description" : "${role_query-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", + "attributes" : { } + }, { + "id" : "7fcf212c-4371-48be-a75a-ec93830c4f8b", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", + "attributes" : { } + }, { + "id" : "26f88bad-f69b-464f-89f1-43b987589173", + "name" 
: "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", + "attributes" : { } + }, { + "id" : "13ff84e3-fef2-4c52-a30b-89602dd22457", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", + "attributes" : { } + }, { + "id" : "24928355-a003-4dc5-8272-71f32c3982e5", + "name" : "manage-events", + "description" : "${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", + "attributes" : { } + }, { + "id" : "60932726-3a3b-44f0-b668-b1ec55946404", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-groups", "query-users" ] + } + }, + "clientRole" : true, + "containerId" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", + "attributes" : { } + }, { + "id" : "18447ab5-84fc-4dc5-8f1b-ac39bfbd72a6", + "name" : "realm-admin", + "description" : "${role_realm-admin}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "create-client", "manage-clients", "manage-realm", "query-groups", "impersonation", "view-authorization", "view-clients", "manage-identity-providers", "view-events", "query-realms", "view-realm", "query-clients", "manage-users", "manage-authorization", "query-users", "manage-events", "view-users", "view-identity-providers" ] + } + }, + "clientRole" : true, + "containerId" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", + "attributes" : { } + }, { + "id" : "ca1a9e13-0f97-4c69-a37a-0edc9a822485", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", + "attributes" : { } + } ], + "security-admin-console" : [ 
], + "admin-cli" : [ ], + "c4po_local" : [ { + "id" : "e26a27e7-1648-491b-832a-8bf751d378bb", + "name" : "user", + "composite" : false, + "clientRole" : true, + "containerId" : "6cbc559d-073e-40d7-8b73-b2dcdc438461", + "attributes" : { } + } ], + "security-c4po-api" : [ ], + "account-console" : [ ], + "broker" : [ { + "id" : "ef655eb1-164c-49e3-be85-510395bfd7d9", + "name" : "read-token", + "description" : "${role_read-token}", + "composite" : false, + "clientRole" : true, + "containerId" : "f90fb534-a4bf-4e08-b0d3-8a5552eb5a12", + "attributes" : { } + } ], + "security-c4po-angular" : [ ], + "account" : [ { + "id" : "1d2d7350-47be-4131-b634-297b59731ccf", + "name" : "view-profile", + "description" : "${role_view-profile}", + "composite" : false, + "clientRole" : true, + "containerId" : "a7f62881-aa9e-4565-afeb-1d6305d3c56e", + "attributes" : { } + }, { + "id" : "14139dff-c524-4efd-84a1-9fbb3e8bafae", + "name" : "manage-account", + "description" : "${role_manage-account}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "manage-account-links" ] + } + }, + "clientRole" : true, + "containerId" : "a7f62881-aa9e-4565-afeb-1d6305d3c56e", + "attributes" : { } + }, { + "id" : "f590afe8-3e54-491d-97b1-e29f56b22df3", + "name" : "manage-account-links", + "description" : "${role_manage-account-links}", + "composite" : false, + "clientRole" : true, + "containerId" : "a7f62881-aa9e-4565-afeb-1d6305d3c56e", + "attributes" : { } + }, { + "id" : "897b62b3-c4d8-4998-9536-9c2d59bd2896", + "name" : "manage-consent", + "description" : "${role_manage-consent}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "view-consent" ] + } + }, + "clientRole" : true, + "containerId" : "a7f62881-aa9e-4565-afeb-1d6305d3c56e", + "attributes" : { } + }, { + "id" : "34488e12-5873-490b-a25b-986e62a21caa", + "name" : "view-consent", + "description" : "${role_view-consent}", + "composite" : false, + "clientRole" : true, + "containerId" : 
"a7f62881-aa9e-4565-afeb-1d6305d3c56e", + "attributes" : { } + }, { + "id" : "18770e33-50c1-4bb8-960d-d8acd163f5ab", + "name" : "view-applications", + "description" : "${role_view-applications}", + "composite" : false, + "clientRole" : true, + "containerId" : "a7f62881-aa9e-4565-afeb-1d6305d3c56e", + "attributes" : { } + } ] + } + }, + "groups" : [ ], + "defaultRoles" : [ "uma_authorization", "offline_access" ], + "requiredCredentials" : [ "password" ], + "otpPolicyType" : "totp", + "otpPolicyAlgorithm" : "HmacSHA1", + "otpPolicyInitialCounter" : 0, + "otpPolicyDigits" : 6, + "otpPolicyLookAheadWindow" : 1, + "otpPolicyPeriod" : 30, + "otpSupportedApplications" : [ "FreeOTP", "Google Authenticator" ], + "webAuthnPolicyRpEntityName" : "keycloak", + "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyRpId" : "", + "webAuthnPolicyAttestationConveyancePreference" : "not specified", + "webAuthnPolicyAuthenticatorAttachment" : "not specified", + "webAuthnPolicyRequireResidentKey" : "not specified", + "webAuthnPolicyUserVerificationRequirement" : "not specified", + "webAuthnPolicyCreateTimeout" : 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyAcceptableAaguids" : [ ], + "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyPasswordlessRpId" : "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", + "webAuthnPolicyPasswordlessCreateTimeout" : 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], + "users" : [ { + "id" : "10e06d7a-8dd0-4ecd-8963-056b45079c4f", + "createdTimestamp" : 1617897245335, + "username" : "ttt", + "enabled" 
: true, + "totp" : false, + "emailVerified" : false, + "firstName" : "test", + "lastName" : "user", + "credentials" : [ { + "id" : "7026fefc-ae26-442b-acae-92f1f2d24eac", + "type" : "password", + "createdDate" : 1617897287400, + "secretData" : "{\"value\":\"mhW4yxOg+8bcyPF4yWsfPZnLGUp4oaqc9aNA+WBcpr9qXgs/Jw+rM2VlLEgeD/kXGItcScA8V20sVGrMWT94Yw==\",\"salt\":\"nkH510WAwjKZJqd/ZEkIHA==\"}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "uma_authorization", "c4po_user", "c4po_admin" ], + "clientRoles" : { + "c4po_local" : [ "user" ], + "account" : [ "view-profile", "manage-account" ] + }, + "notBefore" : 0, + "groups" : [ ] + } ], + "scopeMappings" : [ { + "clientScope" : "offline_access", + "roles" : [ "offline_access" ] + } ], + "clientScopeMappings" : { + "account" : [ { + "client" : "account-console", + "roles" : [ "manage-account" ] + } ] + }, + "clients" : [ { + "id" : "a7f62881-aa9e-4565-afeb-1d6305d3c56e", + "clientId" : "account", + "name" : "${client_account}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/c4po_realm_local/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "**********", + "defaultRoles" : [ "view-profile", "manage-account" ], + "redirectUris" : [ "/realms/c4po_realm_local/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "role_list", "profile", 
"roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "da51d616-1ca6-4434-a16d-b543d2a4e4c0", + "clientId" : "account-console", + "name" : "${client_account-console}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/c4po_realm_local/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "**********", + "redirectUris" : [ "/realms/c4po_realm_local/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "0c5a81d7-f454-4793-b4e4-60c924b73533", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ], + "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "63cb2215-d2f1-4229-96fc-82fb843e283a", + "clientId" : "admin-cli", + "name" : "${client_admin-cli}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "**********", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : false, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : 
false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "f90fb534-a4bf-4e08-b0d3-8a5552eb5a12", + "clientId" : "broker", + "name" : "${client_broker}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "**********", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "6cbc559d-073e-40d7-8b73-b2dcdc438461", + "clientId" : "c4po_local", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "**********", + "redirectUris" : [ "http://localhost:4200/*" ], + "webOrigins" : [ "*" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + 
"saml.assertion.signature" : "false", + "saml.force.post.binding" : "false", + "saml.multivalued.roles" : "false", + "saml.encrypt" : "false", + "saml.server.signature" : "false", + "saml.server.signature.keyinfo.ext" : "false", + "exclude.session.state.from.auth.response" : "false", + "saml_force_name_id_format" : "false", + "saml.client.signature" : "false", + "tls.client.certificate.bound.access.tokens" : "false", + "saml.authnstatement" : "false", + "display.on.consent.screen" : "false", + "saml.onetimeuse.condition" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "fa74c4e8-a9c0-4fa9-bb21-2ad3535b08ef", + "clientId" : "realm-management", + "name" : "${client_realm-management}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "**********", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "7e165a51-6cb8-43cf-a4fe-1d0ad513586b", + "clientId" : "security-admin-console", + "name" : "${client_security-admin-console}", + "rootUrl" : "${authAdminUrl}", + "baseUrl" : 
"/admin/c4po_realm_local/console/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "**********", + "redirectUris" : [ "/admin/c4po_realm_local/console/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "4fd1eab6-f53b-4d37-b65c-bea9845b3e9f", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "7f731c1c-4fd8-470a-a995-b242fc5b550d", + "clientId" : "security-c4po-angular", + "rootUrl" : "", + "adminUrl" : "", + "baseUrl" : "http://localhost:4200/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "482621c2-e0fe-43b9-bb62-7469158e1966", + "redirectUris" : [ "http://localhost:4200/*" ], + "webOrigins" : [ "*" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + 
"serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "saml.assertion.signature" : "false", + "saml.force.post.binding" : "false", + "saml.multivalued.roles" : "false", + "saml.encrypt" : "false", + "saml.server.signature" : "false", + "saml.server.signature.keyinfo.ext" : "false", + "exclude.session.state.from.auth.response" : "false", + "saml_force_name_id_format" : "false", + "saml.client.signature" : "false", + "tls.client.certificate.bound.access.tokens" : "false", + "saml.authnstatement" : "false", + "display.on.consent.screen" : "false", + "saml.onetimeuse.condition" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "8badc11a-50e4-44ae-a292-47e3759fcaeb", + "clientId" : "security-c4po-api", + "rootUrl" : "", + "adminUrl" : "", + "baseUrl" : "http://localhost:8443/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "0aef07ba-d8b4-405d-9dcb-f3743f966856", + "redirectUris" : [ "http://localhost:8443/*" ], + "webOrigins" : [ "*" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "saml.assertion.signature" : "false", + "saml.force.post.binding" : "false", + "saml.multivalued.roles" : "false", + "saml.encrypt" : "false", + "saml.server.signature" : "false", + "saml.server.signature.keyinfo.ext" : "false", + 
"exclude.session.state.from.auth.response" : "false", + "saml_force_name_id_format" : "false", + "saml.client.signature" : "false", + "tls.client.certificate.bound.access.tokens" : "false", + "saml.authnstatement" : "false", + "display.on.consent.screen" : "false", + "saml.onetimeuse.condition" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "defaultClientScopes" : [ "web-origins", "role_list", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + } ], + "clientScopes" : [ { + "id" : "8d428e56-80df-4505-8e1a-26537e793b31", + "name" : "offline_access", + "description" : "OpenID Connect built-in scope: offline_access", + "protocol" : "openid-connect", + "attributes" : { + "consent.screen.text" : "${offlineAccessScopeConsentText}", + "display.on.consent.screen" : "true" + } + }, { + "id" : "4b171f57-736a-41b4-b67b-585bac1d8d24", + "name" : "role_list", + "description" : "SAML role list", + "protocol" : "saml", + "attributes" : { + "consent.screen.text" : "${samlRoleListScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "2b161cf6-2c63-45e8-a698-48f7297cc303", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + } ] + }, { + "id" : "ac7d05f9-d505-42e9-9b7c-1984b31e653d", + "name" : "profile", + "description" : "OpenID Connect built-in scope: profile", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${profileScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "2be3fbed-d2c8-46eb-94e0-b2efdf20ad60", + "name" : "middle name", + "protocol" : "openid-connect", + "protocolMapper" : 
"oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "middleName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "middle_name", + "jsonType.label" : "String" + } + }, { + "id" : "d3465101-1321-43a7-8f65-8b782c390297", + "name" : "website", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "website", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "website", + "jsonType.label" : "String" + } + }, { + "id" : "68391807-41ec-4ce2-877d-3a808bb1bbe4", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + }, { + "id" : "d8d837e5-e1f8-45af-96b0-7c5607780e0b", + "name" : "nickname", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "nickname", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "nickname", + "jsonType.label" : "String" + } + }, { + "id" : "0667458d-83c3-4cd1-b60a-436a3bb42d2e", + "name" : "birthdate", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "birthdate", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "birthdate", + "jsonType.label" : "String" + } + }, { + "id" : "e8cd5b57-ee69-46eb-afd7-71cc68ca5384", + "name" : "full name", + "protocol" : 
"openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : "643f5ffd-4c38-4228-808d-2fd9f2a075ba", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + }, { + "id" : "b41a9738-9529-47f8-bd90-461c072212af", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String" + } + }, { + "id" : "29c5817f-6101-48ff-a1e5-dbb23e3b0534", + "name" : "profile", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "profile", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "profile", + "jsonType.label" : "String" + } + }, { + "id" : "a4a193ec-25bb-4457-8287-ca2abaff5940", + "name" : "zoneinfo", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "zoneinfo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "zoneinfo", + "jsonType.label" : "String" + } + }, { + "id" : "3c132112-0285-4ef4-9317-2d94c58c9bc6", + "name" : "picture", + "protocol" : "openid-connect", + "protocolMapper" : 
"oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "picture", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "picture", + "jsonType.label" : "String" + } + }, { + "id" : "7bbf2f74-db95-47f1-8736-8b0864a01d5a", + "name" : "gender", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "gender", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "gender", + "jsonType.label" : "String" + } + }, { + "id" : "7f92e589-d307-4574-bf84-0f34bdbef9f3", + "name" : "updated at", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "updatedAt", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "updated_at", + "jsonType.label" : "String" + } + }, { + "id" : "efe55944-ab38-4fe2-9452-8499f9d52e80", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "32f1098d-79a9-4da4-a94a-c873fcc0f6e1", + "name" : "email", + "description" : "OpenID Connect built-in scope: email", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${emailScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "92afef33-2843-40bc-aba1-58d462fa81cc", + "name" : "email verified", + "protocol" : "openid-connect", + "protocolMapper" : 
"oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "emailVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email_verified", + "jsonType.label" : "boolean" + } + }, { + "id" : "4b4d33d1-ed47-40db-a05f-4253c25dbbff", + "name" : "email", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "412cfb80-d33e-44da-a0e2-b0bde0423c00", + "name" : "address", + "description" : "OpenID Connect built-in scope: address", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${addressScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "261a490f-073d-4975-af5b-e2d9e21ea768", + "name" : "address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-address-mapper", + "consentRequired" : false, + "config" : { + "user.attribute.formatted" : "formatted", + "user.attribute.country" : "country", + "user.attribute.postal_code" : "postal_code", + "userinfo.token.claim" : "true", + "user.attribute.street" : "street", + "id.token.claim" : "true", + "user.attribute.region" : "region", + "access.token.claim" : "true", + "user.attribute.locality" : "locality" + } + } ] + }, { + "id" : "faf5c077-e43d-4433-9f5d-ddfc10f31385", + "name" : "phone", + "description" : "OpenID Connect built-in scope: phone", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${phoneScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "57383851-63a0-4599-8074-ecaddfbf5164", + "name" : "phone 
number verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumberVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number_verified", + "jsonType.label" : "boolean" + } + }, { + "id" : "8992684a-ea4f-490c-8cd4-6af77ab77b64", + "name" : "phone number", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumber", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "21ac5f31-d742-40c7-89a1-cd7f35036450", + "name" : "roles", + "description" : "OpenID Connect scope for add user roles to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${rolesScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "c9ab2a7d-062d-419f-90d4-7682c854857e", + "name" : "realm roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "realm_access.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + }, { + "id" : "46b6c2ed-6b50-4205-a7c2-d2fd2c93353c", + "name" : "client roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-client-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "resource_access.${client_id}.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + }, { + "id" : "60e36e8d-7456-4581-9c35-068942b61a40", + "name" : 
"audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ] + }, { + "id" : "cd5f153a-ff23-43d5-81a0-6c8dc6f39a4e", + "name" : "web-origins", + "description" : "OpenID Connect scope for add allowed web origins to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false", + "consent.screen.text" : "" + }, + "protocolMappers" : [ { + "id" : "9a8031f8-997b-4899-ba60-05868f8e4b18", + "name" : "allowed web origins", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-allowed-origins-mapper", + "consentRequired" : false, + "config" : { } + } ] + }, { + "id" : "b18623a4-3595-4993-b2bd-79e94778d28b", + "name" : "microprofile-jwt", + "description" : "Microprofile - JWT built-in scope", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "a59540b9-81a8-4ca8-b0ff-bff6ceb049c2", + "name" : "upn", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "upn", + "jsonType.label" : "String" + } + }, { + "id" : "0eee48de-8c6f-4167-8958-fb4d3ef973cc", + "name" : "groups", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "multivalued" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "foo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "groups", + "jsonType.label" : "String" + } + } ] + } ], + "defaultDefaultClientScopes" : [ "role_list", "profile", "email", "roles", "web-origins" ], + "defaultOptionalClientScopes" : [ 
"offline_access", "address", "phone", "microprofile-jwt" ], + "browserSecurityHeaders" : { + "contentSecurityPolicyReportOnly" : "", + "xContentTypeOptions" : "nosniff", + "xRobotsTag" : "none", + "xFrameOptions" : "SAMEORIGIN", + "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection" : "1; mode=block", + "strictTransportSecurity" : "max-age=31536000; includeSubDomains" + }, + "smtpServer" : { }, + "eventsEnabled" : false, + "eventsListeners" : [ "jboss-logging" ], + "enabledEventTypes" : [ ], + "adminEventsEnabled" : false, + "adminEventsDetailsEnabled" : false, + "components" : { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { + "id" : "56f53138-a448-42f5-ba77-b026b1b179d0", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "46301b5f-58b3-48f2-8844-e82f1b5b5ad3", + "name" : "Max Clients Limit", + "providerId" : "max-clients", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "max-clients" : [ "200" ] + } + }, { + "id" : "898437e1-5717-4010-9306-6c3582ca5b09", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "saml-role-list-mapper", "oidc-full-name-mapper", "saml-user-attribute-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-property-mapper" ] + } + }, { + "id" : "cc2d0cd7-3d3f-4b0a-ad95-7118f36bf188", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "e1ded6a4-e0af-4c3a-bc5d-a142701302c4", + "name" : "Consent Required", + "providerId" : "consent-required", + "subType" : 
"anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "12513189-c247-4869-8a24-ba7f694e8668", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "7511759b-c33d-4bb4-bd46-724599ea2efb", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "saml-role-list-mapper", "saml-user-property-mapper", "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper" ] + } + }, { + "id" : "92230e65-7480-44c3-af2d-72ddee758cbc", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + } ], + "org.keycloak.keys.KeyProvider" : [ { + "id" : "ea025a18-d77a-4bbc-8e3a-c6b55ccf4b3f", + "name" : "hmac-generated", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "ddd6d915-c898-4e32-b9de-f1469a2dfb6a" ], + "secret" : [ "GegBlWTwur6eFVW_fdHBsmbWZmpkLcZrhZS028OOUG3bErTFFxgjqHfH-cZ8au5uOFyquTYB1_IrzKNQB1HyMg" ], + "priority" : [ "100" ], + "algorithm" : [ "HS256" ] + } + }, { + "id" : "d54e6431-5a1c-4783-a9ca-dbbedd0b0f20", + "name" : "aes-generated", + "providerId" : "aes-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "40b8e0ac-9300-4736-9668-713676911d5e" ], + "secret" : [ "kJGFh7LGYAI2ged6rJQVDQ" ], + "priority" : [ "100" ] + } + }, { + "id" : "38c2dd59-c891-4558-8102-c26ada370abd", + "name" : "rsa-generated", + "providerId" : "rsa-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ 
"MIIEpAIBAAKCAQEA5l/1wCtrIxaD7HW7/Qlmb4DtH1KdHzXc3J24pyLO914lvwfZBaRz4mcY9nia9/R+oCr62/EjIxVa4/SfA+O7ZUgi2TMJtwtUX3CKRlm+ktK51wnJ1TNN38zYEB9fFKuElP3Sqva+nLlmVTMyqXkDzLLhFJnc1Szu8tWXJKyrim4Oo/iAfvbmTisldgJ1YH/wcqfH08jgVhySDSXde6HejThhuDsM4FqeaPANBztpxDwYDo7sj9mD8UE9NvyzXr2o0NV+JvZv2H0RHth3KUf8iJta5tjo+wY4vQAPvkfOOdwn+XEsWIhZwKGMPeYeqETT6kKQX//UbNc+5YT513U1PQIDAQABAoIBAQCTXRrUfHGiFkr5PS6tZA/0j6IfATekuU24ieOOdkOyFLVMh3aZl2LRlmVvdCKdLfa5+gRSIOP7EzP60YXOdSRwWz5/dZhnUIX+Lv0kl0/Cl61tEsPa72CHIn+rgIXPsQ+0RtE1r3SqyCXfpkpoAhMeI+a6yNlsO7v19g8i1Jk+iIUiQxtsCGGUt+FsTao1cXq/i7F7NCS9PUD5aAVyURI5IEJ5+YXJZN68y0EBf8B2kWToMVEgLM5BJZraH+APuDbndmRFmNqe8w6X1PAYBAzubuAHrNfda/PC6whuSsupI9oRugU4LFIPdBVZLyL833xYQgAA7OaEF4KzK/E00f75AoGBAP7sm2AWtgQ6f0QPQfcS6zJJNwrfU86ay1NDoVL3eYY9rz9FXtAfUq/+Wo6nTnez1YSJjhnLeTpngquTlSlqlJdHqoAgPaOtAnZltVZ21hU3/9KHfF3Bi5X8T0nvoJ8FZTiOCRKKNGr9FEVdYOG+avtF6+TaEQyeW2q7PDkwkSPfAoGBAOdY1RxPEjTvuBrgGGBJ3sDd75okVc3OTxHsmZ2j1dqftk0euU8kNcQ40L2rwJ/OdnThFsyHfnN9lLoEQzc/rDWm74pOgQGqJ+AQZzEt0kWV1TmOwWQEx8dvipxMgI3xWzQ4BnzK3LTWl19LrP2f9V4F/iv//EqqHN3btojIxmpjAoGAT0wGYPNvlw0jPWaJnHOUGcZQit9BUIkyKiplakt0z98sPkAz6AV2USyLusgsTmvwRRQM0dVLVnGQYhK8WW+/3Pb8AHMG+Xz9wRqON+ErYtpSh4iBlSB5bSRY/aS+j/i7rcXw6IV5HLawsYsEcfQrjxIG+N8kYop34VFwwFFtNH0CgYBC4Tlqn6lByHNOwa4KWBCfbQmRZCOyBYxyQBYArpZqR3WqQdGMgYlRmqMt0fMzv7oa+99dbWYu+QT/6a+Mz0l3kTT6pMtCsfApJFTQsNBy8Wfc5doekgs3KpXFrZAUeMvHAtNNTFAVr1u/Xt85yv5iGhVqnuxOoXMK6DOSw4goxQKBgQDvTnYvpyRlHvTFHgutWocGWZA/k9XwwZJJaferWYD79EZkZHG7vkNp1JyxiuL2nuCidQp6psuOl5HeauhPHzFmpnq014Ju49t8CklKbiQt51T8Ir0S3nXs6F3e31c2t9fgMwLDfrNW1713wwHntDCWcQjU2aTDpLk9MY+ZaBaQhg==" ], + "certificate" : [ "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" ], + "priority" : [ "100" ] + } + } ] + }, + "internationalizationEnabled" : false, + "supportedLocales" : [ ], + "authenticationFlows" : [ { + "id" : "fa5fc78f-19a9-4737-868b-618163f28c79", + "alias" : "Account verification options", + "description" : "Method with which to verity the existing account", + "providerId" : 
"basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-email-verification", + "requirement" : "ALTERNATIVE", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "ALTERNATIVE", + "priority" : 20, + "flowAlias" : "Verify Existing Account by Re-authentication", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "01735b0f-139f-46e5-bb63-f797a27efa77", + "alias" : "Authentication Options", + "description" : "Authentication options.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "basic-auth", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "basic-auth-otp", + "requirement" : "DISABLED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-spnego", + "requirement" : "DISABLED", + "priority" : 30, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "a7666cf0-626c-48c4-9e71-e408832de725", + "alias" : "Browser - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-otp-form", + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "1dfabb7a-efdd-4964-bba5-389cad79b654", + "alias" : "Direct Grant - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, 
+ "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "direct-grant-validate-otp", + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "c3b2bf2b-3da8-430d-a9b7-8793c3dc30a3", + "alias" : "First broker login - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-otp-form", + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "44343bdf-8592-4242-835f-e349943a110b", + "alias" : "Handle Existing Account", + "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-confirm-link", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "REQUIRED", + "priority" : 20, + "flowAlias" : "Account verification options", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "e72b8fcb-cd8b-4e7a-a057-3446b806b538", + "alias" : "Reset - Conditional OTP", + "description" : "Flow to determine if the OTP should be reset or not. 
Set to REQUIRED to force.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "reset-otp", + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "2416145b-4d20-493c-bdf7-419898c002ee", + "alias" : "User creation or linking", + "description" : "Flow for the existing/non-existing user alternatives", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "create unique user config", + "authenticator" : "idp-create-user-if-unique", + "requirement" : "ALTERNATIVE", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "ALTERNATIVE", + "priority" : 20, + "flowAlias" : "Handle Existing Account", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "b7ff8aad-2daa-4736-8815-f3e8f0df391e", + "alias" : "Verify Existing Account by Re-authentication", + "description" : "Reauthentication of existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-username-password-form", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "CONDITIONAL", + "priority" : 20, + "flowAlias" : "First broker login - Conditional OTP", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "8339d3ba-2d0a-4d23-bbfa-a78e4973d3c9", + "alias" : "browser", + "description" : "browser based authentication", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-cookie", + 
"requirement" : "ALTERNATIVE", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-spnego", + "requirement" : "DISABLED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "identity-provider-redirector", + "requirement" : "ALTERNATIVE", + "priority" : 25, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "ALTERNATIVE", + "priority" : 30, + "flowAlias" : "forms", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "5ece002a-4e62-4d0d-8705-4b116164b424", + "alias" : "clients", + "description" : "Base authentication for clients", + "providerId" : "client-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "client-secret", + "requirement" : "ALTERNATIVE", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "client-jwt", + "requirement" : "ALTERNATIVE", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "client-secret-jwt", + "requirement" : "ALTERNATIVE", + "priority" : 30, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "client-x509", + "requirement" : "ALTERNATIVE", + "priority" : 40, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "bd27b0dc-bc87-40b7-a626-491b9955668d", + "alias" : "direct grant", + "description" : "OpenID Connect Resource Owner Grant", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "direct-grant-validate-username", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "direct-grant-validate-password", + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + 
"autheticatorFlow" : false + }, { + "requirement" : "CONDITIONAL", + "priority" : 30, + "flowAlias" : "Direct Grant - Conditional OTP", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "2db79d60-7c9d-4516-80f0-0c5d60349899", + "alias" : "docker auth", + "description" : "Used by Docker clients to authenticate against the IDP", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "docker-http-basic-authenticator", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "25a92fbe-7d4d-46bc-a751-29ef844290a3", + "alias" : "first broker login", + "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "review profile config", + "authenticator" : "idp-review-profile", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "REQUIRED", + "priority" : 20, + "flowAlias" : "User creation or linking", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "26f6a5db-9be8-446c-82d0-6f4e29b5f08d", + "alias" : "forms", + "description" : "Username, password, otp and other auth forms.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-username-password-form", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "CONDITIONAL", + "priority" : 20, + "flowAlias" : "Browser - Conditional OTP", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "05a94701-ad98-4bbc-a162-746a107afba5", + "alias" : "http 
challenge", + "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "no-cookie-redirect", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "REQUIRED", + "priority" : 20, + "flowAlias" : "Authentication Options", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "75347884-d4cb-4eba-9b89-63566d509b92", + "alias" : "registration", + "description" : "registration flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-page-form", + "requirement" : "REQUIRED", + "priority" : 10, + "flowAlias" : "registration form", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "74e3a2d3-ecda-400d-8bff-0926dc272e4b", + "alias" : "registration form", + "description" : "registration form", + "providerId" : "form-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-user-creation", + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "registration-profile-action", + "requirement" : "REQUIRED", + "priority" : 40, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "registration-password-action", + "requirement" : "REQUIRED", + "priority" : 50, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "registration-recaptcha-action", + "requirement" : "DISABLED", + "priority" : 60, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "6eae8652-baf7-4a7d-80a4-1711906caec7", + "alias" : "reset credentials", + "description" : "Reset credentials for a user if 
they forgot their password or something", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "reset-credentials-choose-user", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "reset-credential-email", + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "reset-password", + "requirement" : "REQUIRED", + "priority" : 30, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "requirement" : "CONDITIONAL", + "priority" : 40, + "flowAlias" : "Reset - Conditional OTP", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "6135710b-b019-4117-ba32-578d3d496b2a", + "alias" : "saml ecp", + "description" : "SAML ECP Profile Authentication Flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "http-basic-authenticator", + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + } ], + "authenticatorConfig" : [ { + "id" : "3d3735a0-1362-4f0d-9306-bfc727da1b5b", + "alias" : "create unique user config", + "config" : { + "require.password.update.after.registration" : "false" + } + }, { + "id" : "c1f4a15f-8234-4f0f-affa-baf610b001e1", + "alias" : "review profile config", + "config" : { + "update.profile.on.first.login" : "missing" + } + } ], + "requiredActions" : [ { + "alias" : "CONFIGURE_TOTP", + "name" : "Configure OTP", + "providerId" : "CONFIGURE_TOTP", + "enabled" : true, + "defaultAction" : false, + "priority" : 10, + "config" : { } + }, { + "alias" : "terms_and_conditions", + "name" : "Terms and Conditions", + "providerId" : "terms_and_conditions", + "enabled" : false, + "defaultAction" : false, + "priority" : 20, + "config" : { } + }, { + "alias" : 
"UPDATE_PASSWORD", + "name" : "Update Password", + "providerId" : "UPDATE_PASSWORD", + "enabled" : true, + "defaultAction" : false, + "priority" : 30, + "config" : { } + }, { + "alias" : "UPDATE_PROFILE", + "name" : "Update Profile", + "providerId" : "UPDATE_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 40, + "config" : { } + }, { + "alias" : "VERIFY_EMAIL", + "name" : "Verify Email", + "providerId" : "VERIFY_EMAIL", + "enabled" : true, + "defaultAction" : false, + "priority" : 50, + "config" : { } + }, { + "alias" : "update_user_locale", + "name" : "Update User Locale", + "providerId" : "update_user_locale", + "enabled" : true, + "defaultAction" : false, + "priority" : 1000, + "config" : { } + } ], + "browserFlow" : "browser", + "registrationFlow" : "registration", + "directGrantFlow" : "direct grant", + "resetCredentialsFlow" : "reset credentials", + "clientAuthenticationFlow" : "clients", + "dockerAuthenticationFlow" : "docker auth", + "attributes" : { + "clientOfflineSessionMaxLifespan" : "0", + "clientSessionIdleTimeout" : "0", + "clientSessionMaxLifespan" : "0", + "clientOfflineSessionIdleTimeout" : "0" + }, + "keycloakVersion" : "11.0.3", + "userManagedAccessAllowed" : false +} \ No newline at end of file diff --git a/security-c4po-api/src/test/resources/script_local b/security-c4po-api/src/test/resources/script_local new file mode 100644 index 0000000..f6c82e4 --- /dev/null +++ b/security-c4po-api/src/test/resources/script_local 
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+cd keycloak/bin
+sleep 20
+./kcadm.sh config credentials --server http://localhost:8888/auth --realm master --user admin --password admin
+
+USERID=$(./kcadm.sh create users -r c4po_realm_local -s username=test_admin \
+-s email=Troy.Stewart@heros.com \
+-s firstName=test \
+-s lastName=admin \
+-s attributes.lang="de-DE" \
+-s attributes.datenumberformat="en-US" \
+-o --fields id | jq '.id' | tr -d '"')
+
+./kcadm.sh update users/$USERID/reset-password -r c4po_realm_test -s type=password -s value=test -s temporary=false -n
+./kcadm.sh add-roles --uusername test_admin --rolename c4po_admin -r c4po_realm_test
+./kcadm.sh add-roles -r c4po_realm_test --uusername test_admin --cclientid realm-management --rolename create-client --rolename view-users
+
+USERID=$(./kcadm.sh create users -r c4po_realm_local -s username=test_user \
+-s email=Troy.Stewart@heros.com \
+-s firstName=test \
+-s lastName=user \
+-s attributes.lang="de-DE" \
+-s attributes.datenumberformat="en-US" \
+-o --fields id | jq '.id' | tr -d '"')
+
+./kcadm.sh update users/$USERID/reset-password -r c4po_realm_test -s type=password -s value=test -s temporary=false -n
+./kcadm.sh add-roles --uusername test_user --rolename c4po_user -r c4po_realm_test
+./kcadm.sh add-roles -r c4po_realm_test --uusername test_user --cclientid realm-management --rolename create-client --rolename view-users
\ No newline at end of file
diff --git a/security-c4po-cfg/backend/docker-compose.backend.yml b/security-c4po-cfg/backend/docker-compose.backend.yml
index 6c53145..00983fc 100644
--- a/security-c4po-cfg/backend/docker-compose.backend.yml
+++ b/security-c4po-cfg/backend/docker-compose.backend.yml
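Review bot: The realm is inconsistent across the script: both users are created with `-r c4po_realm_local`, but every following `reset-password` and `add-roles` call targets `-r c4po_realm_test`, so the captured `$USERID` does not exist in that realm and the password and roles are never applied. Define it once, `REALM=c4po_realm_local`, and use `-r "$REALM"` throughout. The script also has no `set -euo pipefail`, so a failed `cd keycloak/bin` or a failed `config credentials` login does not stop the run and the later calls continue against the wrong state. The master admin password is passed as a literal `--password admin` on the command line, where it is visible in process listings and shell history; read it from an environment variable or the CI secret store instead of committing it.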
@@ -4,13 +4,18 @@ services: c4po-api: build: '../../security-c4po-api' image: security-c4po-api:latest - container_name: security-c4po-api + container_name: c4po-api + environment: + - SPRING_PROFILES_ACTIVE=COMPOSE + depends_on: + - c4po-db + - c4po-keycloak + links: + - c4po-db + - c4po-keycloak deploy: resources: limits: memory: "1G" ports: - 8443:8443 - -networks: - c4po: diff --git a/security-c4po-cfg/cfg/c4po_realm_export.json b/security-c4po-cfg/cfg/c4po_realm_export.json index d948248..63addac 100644 --- a/security-c4po-cfg/cfg/c4po_realm_export.json +++ b/security-c4po-cfg/cfg/c4po_realm_export.json @@ -1,6 +1,8 @@ { "id" : "c4po_realm_local", "realm" : "c4po_realm_local", + "displayName" : "C4PO", + "displayNameHtml" : "
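Review bot: `links:` is a legacy Compose feature and is redundant here — services on the same Compose network already resolve `c4po-db` and `c4po-keycloak` by name, so the `links:` block can be dropped. `depends_on` only orders container start, not readiness, so `c4po-api` can come up before MongoDB accepts connections or Keycloak has imported the realm; if the Spring startup does not retry, add a `healthcheck:` on those services and use `depends_on` with `condition: service_healthy` (Compose file version permitting). Removing the top-level `networks: c4po:` is fine only if no service in this file still references it; the hunk does not show a `networks:` key on `c4po-api`.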
C4PO
", "notBefore" : 0, "revokeRefreshToken" : false, "refreshTokenMaxReuse" : 0, @@ -380,7 +382,7 @@ } ], "disableableCredentialTypes" : [ ], "requiredActions" : [ ], - "realmRoles" : [ "uma_authorization", "c4po_user", "offline_access", "c4po_admin" ], + "realmRoles" : [ "uma_authorization", "c4po_user", "c4po_admin" ], "clientRoles" : { "c4po_local" : [ "user" ], "account" : [ "view-profile", "manage-account" ] @@ -659,8 +661,8 @@ "protocol" : "openid-connect", "attributes" : { "saml.assertion.signature" : "false", - "saml.multivalued.roles" : "false", "saml.force.post.binding" : "false", + "saml.multivalued.roles" : "false", "saml.encrypt" : "false", "saml.server.signature" : "false", "saml.server.signature.keyinfo.ext" : "false", @@ -680,7 +682,7 @@ }, { "id" : "8badc11a-50e4-44ae-a292-47e3759fcaeb", "clientId" : "security-c4po-api", - "rootUrl" : "http://localhost:8443", + "rootUrl" : "", "adminUrl" : "", "baseUrl" : "http://localhost:8443/", "surrogateAuthRequired" : false, @@ -702,8 +704,8 @@ "protocol" : "openid-connect", "attributes" : { "saml.assertion.signature" : "false", - "saml.multivalued.roles" : "false", "saml.force.post.binding" : "false", + "saml.multivalued.roles" : "false", "saml.encrypt" : "false", "saml.server.signature" : "false", "saml.server.signature.keyinfo.ext" : "false", 
@@ -1206,7 +1208,7 @@ "subType" : "anonymous", "subComponents" : { }, "config" : { - "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", "oidc-address-mapper", "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper", "saml-user-property-mapper", "saml-role-list-mapper" ] + "allowed-protocol-mapper-types" : [ "saml-role-list-mapper", "oidc-full-name-mapper", "saml-user-attribute-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-property-mapper" ] } }, { "id" : "cc2d0cd7-3d3f-4b0a-ad95-7118f36bf188", @@ -1238,7 +1240,7 @@ "subType" : "authenticated", "subComponents" : { }, "config" : { - "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "saml-role-list-mapper", "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", "saml-user-property-mapper", "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper" ] + "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "saml-role-list-mapper", "saml-user-property-mapper", "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-full-name-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper" ] } }, { "id" : "92230e65-7480-44c3-af2d-72ddee758cbc", @@ -1287,7 +1289,7 @@ "internationalizationEnabled" : false, "supportedLocales" : [ ], "authenticationFlows" : [ { - "id" : "2c54f19d-5992-447d-a2b3-58953c5a92d9", + "id" : "fa5fc78f-19a9-4737-868b-618163f28c79", "alias" : "Account verification options", "description" : "Method with which to verity the existing account", "providerId" : "basic-flow", @@ -1307,7 +1309,7 @@ "autheticatorFlow" : true } ] }, { - "id" : "58e457d2-c138-401b-94e6-aa0c89d40be5", + "id" : "01735b0f-139f-46e5-bb63-f797a27efa77", "alias" : "Authentication Options", "description" : "Authentication options.", "providerId" : "basic-flow", 
@@ -1333,7 +1335,7 @@ "autheticatorFlow" : false } ] }, { - "id" : "ed8a0f0d-c571-4c7c-8177-51ff71e0cb0e", + "id" : "a7666cf0-626c-48c4-9e71-e408832de725", "alias" : "Browser - Conditional OTP", "description" : "Flow to determine if the OTP is required for the authentication", "providerId" : "basic-flow", @@ -1353,7 +1355,7 @@ "autheticatorFlow" : false } ] }, { - "id" : "b12f09d6-8e47-4fa2-80cb-6adece38f970", + "id" : "1dfabb7a-efdd-4964-bba5-389cad79b654", "alias" : "Direct Grant - Conditional OTP", "description" : "Flow to determine if the OTP is required for the authentication", "providerId" : "basic-flow", @@ -1373,7 +1375,7 @@ "autheticatorFlow" : false } ] }, { - "id" : "571ebbe3-1dbd-4c11-a048-431ebe7b9ba0", + "id" : "c3b2bf2b-3da8-430d-a9b7-8793c3dc30a3", "alias" : "First broker login - Conditional OTP", "description" : "Flow to determine if the OTP is required for the authentication", "providerId" : "basic-flow", @@ -1393,7 +1395,7 @@ "autheticatorFlow" : false } ] }, { - "id" : "9efe3906-9789-45d5-bd69-17657e7d0dd1", + "id" : "44343bdf-8592-4242-835f-e349943a110b", "alias" : "Handle Existing Account", "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId" : "basic-flow", @@ -1413,7 +1415,7 @@ "autheticatorFlow" : true } ] }, { - "id" : "ff2fc973-bd97-49f6-a5b9-234904131b12", + "id" : "e72b8fcb-cd8b-4e7a-a057-3446b806b538", "alias" : "Reset - Conditional OTP", "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", "providerId" : "basic-flow", @@ -1433,7 +1435,7 @@ "autheticatorFlow" : false } ] }, { - "id" : "b4b2f650-4ae7-4d26-ae58-59e6074fb067", + "id" : "2416145b-4d20-493c-bdf7-419898c002ee", "alias" : "User creation or linking", "description" : "Flow for the existing/non-existing user alternatives", "providerId" : "basic-flow", 
@@ -1454,7 +1456,7 @@ "autheticatorFlow" : true } ] }, { - "id" : "5848478b-6cb0-4460-a0be-9393e8835382", + "id" : "b7ff8aad-2daa-4736-8815-f3e8f0df391e", "alias" : "Verify Existing Account by Re-authentication", "description" : "Reauthentication of existing account", "providerId" : "basic-flow", @@ -1474,7 +1476,7 @@ "autheticatorFlow" : true } ] }, { - "id" : "79af744f-037e-49b7-b469-4581078db93a", + "id" : "8339d3ba-2d0a-4d23-bbfa-a78e4973d3c9", "alias" : "browser", "description" : "browser based authentication", "providerId" : "basic-flow", @@ -1506,7 +1508,7 @@ "autheticatorFlow" : true } ] }, { - "id" : "bed9a42e-29ce-42e3-b217-4c82ddc1da60", + "id" : "5ece002a-4e62-4d0d-8705-4b116164b424", "alias" : "clients", "description" : "Base authentication for clients", "providerId" : "client-flow", @@ -1538,7 +1540,7 @@ "autheticatorFlow" : false } ] }, { - "id" : "90ed59d7-616e-4db0-b5b7-b02c4778bfe6", + "id" : "bd27b0dc-bc87-40b7-a626-491b9955668d", "alias" : "direct grant", "description" : "OpenID Connect Resource Owner Grant", "providerId" : "basic-flow", @@ -1564,7 +1566,7 @@ "autheticatorFlow" : true } ] }, { - "id" : "02136f0a-354a-41d6-8a81-82d9d61f8ae1", + "id" : "2db79d60-7c9d-4516-80f0-0c5d60349899", "alias" : "docker auth", "description" : "Used by Docker clients to authenticate against the IDP", "providerId" : "basic-flow", @@ -1578,7 +1580,7 @@ "autheticatorFlow" : false } ] }, { - "id" : "61049b62-3f5e-440e-b3d3-7955c74ce79a", + "id" : "25a92fbe-7d4d-46bc-a751-29ef844290a3", "alias" : "first broker login", "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId" : "basic-flow", @@ -1599,7 +1601,7 @@ "autheticatorFlow" : true } ] }, { - "id" : "a3416906-b38a-4626-9759-99010c6e27b9", + "id" : "26f6a5db-9be8-446c-82d0-6f4e29b5f08d", "alias" : "forms", "description" : "Username, password, otp and other auth forms.", "providerId" : "basic-flow", 
@@ -1619,7 +1621,7 @@ "autheticatorFlow" : true } ] }, { - "id" : "e53c6c19-574d-4ba0-b8b5-55631d71328d", + "id" : "05a94701-ad98-4bbc-a162-746a107afba5", "alias" : "http challenge", "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", "providerId" : "basic-flow", @@ -1639,7 +1641,7 @@ "autheticatorFlow" : true } ] }, { - "id" : "3bc89297-8fa2-45a0-a4f9-64166c5f53f2", + "id" : "75347884-d4cb-4eba-9b89-63566d509b92", "alias" : "registration", "description" : "registration flow", "providerId" : "basic-flow", @@ -1654,7 +1656,7 @@ "autheticatorFlow" : true } ] }, { - "id" : "7f080e51-3567-498e-ae34-1abeefe07495", + "id" : "74e3a2d3-ecda-400d-8bff-0926dc272e4b", "alias" : "registration form", "description" : "registration form", "providerId" : "form-flow", @@ -1686,7 +1688,7 @@ "autheticatorFlow" : false } ] }, { - "id" : "d0fe2454-5b33-47bd-9909-fd81dc62e27b", + "id" : "6eae8652-baf7-4a7d-80a4-1711906caec7", "alias" : "reset credentials", "description" : "Reset credentials for a user if they forgot their password or something", "providerId" : "basic-flow", @@ -1718,7 +1720,7 @@ "autheticatorFlow" : true } ] }, { - "id" : "f41e0e59-1927-4f6b-9917-1fffc76ed300", + "id" : "6135710b-b019-4117-ba32-578d3d496b2a", "alias" : "saml ecp", "description" : "SAML ECP Profile Authentication Flow", "providerId" : "basic-flow", @@ -1733,13 +1735,13 @@ } ] } ], "authenticatorConfig" : [ { - "id" : "7328eecb-235e-4d51-aeb8-60f040bdce55", + "id" : "3d3735a0-1362-4f0d-9306-bfc727da1b5b", "alias" : "create unique user config", "config" : { "require.password.update.after.registration" : "false" } }, { - "id" : "3ca8532e-719d-420c-9c96-684c1195ece6", + "id" : "c1f4a15f-8234-4f0f-affa-baf610b001e1", "alias" : "review profile config", "config" : { "update.profile.on.first.login" : "missing" diff --git a/security-c4po-cfg/cfg/keycloak.env b/security-c4po-cfg/cfg/keycloak.env index c2e568b..f65c089 100644 --- a/security-c4po-cfg/cfg/keycloak.env 
+++ b/security-c4po-cfg/cfg/keycloak.env
@@ -1,6 +1,6 @@
 # cfg for local keycloak
 DB_VENDOR=postgres
-DB_ADDR=keycloak-postgres
+DB_ADDR=c4po-keycloak-postgress
 DB_PORT=5432
 DB_USER=c4po_kc_local
 DB_PASSWORD=Test1234!
diff --git a/security-c4po-cfg/docker-compose.yml b/security-c4po-cfg/docker-compose.yml
new file mode 100644
index 0000000..c82c6d7
--- /dev/null
+++ b/security-c4po-cfg/docker-compose.yml
@@ -0,0 +1,89 @@
+version: '2'
+
+volumes:
+ c4po-keycloak-postgres:
+ c4po-db:
+
+services:
+ # Database
+ c4po-keycloak-postgres:
+ container_name: c4po-keycloak-postgres
+ image: postgres:latest
+ env_file:
+ - cfg/keycloakdb.env
+ ports:
+ - 5433:5432
+ volumes:
+ - /volumes/keycloak/data/:/var/lib/postgres/data
+ networks:
+ - c4po
+ c4po-db:
+ image: mongo:latest
+ container_name: c4po-db
+ volumes:
+ - /volumes/mongodb/data/:/db/data
+ deploy:
+ resources:
+ limits:
+ memory: "1G"
+ ports:
+ - 27017:27017
+ networks:
+ - c4po
+ # Authentity Provider
+ c4po-keycloak:
+ container_name: c4po-keycloak
+ depends_on:
+ - c4po-keycloak-postgres
+ links:
+ - c4po-keycloak-postgres
+ image: jboss/keycloak:11.0.3
+ volumes:
+ - /cfg/c4po_realm_export.json/:/tmp/c4po_realm_export.json
+ ports:
+ - 8888:8080
+ env_file:
+ - cfg/keycloak.env
+ networks:
+ - c4po
+ # Services
+ c4po-angular:
+ build: '../security-c4po-angular'
+ image: security-c4po-angular:latest
+ container_name: c4po-angular
+ depends_on:
+ - c4po-keycloak
+ links:
+ - c4po-keycloak
+ deploy:
+ resources:
+ limits:
+ memory: "1G"
+ ports:
+ - 4200:4200
+ networks:
+ - c4po
+
+ c4po-api:
+ build: '../security-c4po-api'
+ image: security-c4po-api:latest
+ container_name: c4po-api
+ environment:
+ - SPRING_PROFILES_ACTIVE=COMPOSE
+ depends_on:
+ - c4po-db
+ - c4po-keycloak
+ links:
+ - c4po-db
+ - c4po-keycloak
+ deploy:
+ resources:
+ limits:
+ memory: "1G"
+ ports:
+ - 8443:8443
+ networks:
+ - c4po
+
+networks:
+ c4po:
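Review bot: `DB_ADDR=c4po-keycloak-postgress` (double `s`) does not match the database service in the new root `security-c4po-cfg/docker-compose.yml`, which is defined as `c4po-keycloak-postgres`; only `kc/docker-compose.keycloak.yml` uses the misspelled service key, so Keycloak started from the root compose file cannot resolve its database host. Use one spelling everywhere — `DB_ADDR=c4po-keycloak-postgres` here and the same key in the kc compose file. The `DB_PASSWORD=Test1234!` line is unchanged context, but since this env file ships with the repository it is worth keeping the credential out of version control (a git-ignored local env file or a Compose secret) even for a local setup.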
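Review bot: The bind mounts in this file do not persist what they appear to: PostgreSQL writes to `/var/lib/postgresql/data` (the path the old kc compose file used), not `/var/lib/postgres/data`, and the official mongo image stores its data under `/data/db`, not `/db/data`, so both databases are lost whenever the containers are recreated. The host paths `/volumes/...` and `/cfg/c4po_realm_export.json/` are absolute and rooted at `/` rather than at the compose directory, and the trailing slash on the realm file path makes Docker create an empty directory there; they should be `./volumes/...` and `./cfg/c4po_realm_export.json`. The named volumes `c4po-keycloak-postgres` and `c4po-db` declared under the top-level `volumes:` are never referenced by any service. `postgres:latest` and `mongo:latest` are unpinned, and `c4po-db` publishes 27017 on the host with no authentication configured in this file; pin the tags and, if the port must stay published, bind it to the loopback address. Whether the `deploy:` resource limits are honored depends on the Compose tool used with `version: '2'` — the legacy v1 tool rejects that key in a v2 file.
```yaml
  c4po-keycloak-postgres:
    image: postgres:<PINNED_TAG>   # placeholder: pin to a specific major.minor
    # … unchanged: container_name, env_file, ports, networks …
    volumes:
      - ./volumes/keycloak/data:/var/lib/postgresql/data
  c4po-db:
    image: mongo:<PINNED_TAG>      # placeholder: pin to a specific major.minor
    # … unchanged: container_name, deploy, networks …
    volumes:
      - ./volumes/mongodb/data:/data/db
    ports:
      - 127.0.0.1:27017:27017
  c4po-keycloak:
    # … unchanged: container_name, depends_on, image, ports, env_file, networks …
    volumes:
      - ./cfg/c4po_realm_export.json:/tmp/c4po_realm_export.json
```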
diff --git a/security-c4po-cfg/frontend/docker-compose.frontend.yml b/security-c4po-cfg/frontend/docker-compose.frontend.yml index 1da32ed..d88f900 100644 --- a/security-c4po-cfg/frontend/docker-compose.frontend.yml +++ b/security-c4po-cfg/frontend/docker-compose.frontend.yml @@ -4,13 +4,12 @@ services: c4po-angular: build: '../../security-c4po-angular' image: security-c4po-angular:latest - container_name: security-c4po-angular + container_name: c4po-angular + depends_on: + - c4po-keycloak deploy: resources: limits: memory: "1G" ports: - 4200:4200 - -networks: - c4po: diff --git a/security-c4po-cfg/kc/docker-compose.keycloak.yml b/security-c4po-cfg/kc/docker-compose.keycloak.yml index 84bf79d..ac3b62d 100644 --- a/security-c4po-cfg/kc/docker-compose.keycloak.yml +++ b/security-c4po-cfg/kc/docker-compose.keycloak.yml @@ -2,23 +2,22 @@ version: '3.1' services: c4po-keycloak: - container_name: security-c4po-keycloak + container_name: c4po-keycloak depends_on: - - keycloak-postgres + - c4po-keycloak-postgres image: jboss/keycloak:11.0.3 volumes: - ../cfg/c4po_realm_export.json:/tmp/c4po_realm_export.json ports: - 8888:8080 - - 9990:9990 env_file: - ../cfg/keycloak.env - keycloak-postgres: - container_name: security-c4po-postgres-keycloak + c4po-keycloak-postgress: + container_name: c4po-keycloak-postgres image: postgres:latest env_file: - ../cfg/keycloakdb.env ports: - 5433:5432 volumes: - - ../volumes/keycloak/data:/var/lib/postgresql/data + - ../volumes/keycloak/data:/var/lib/postgres/data 
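Review bot: `depends_on: - c4po-keycloak` references a service that is not defined in this file — `c4po-keycloak` lives in `kc/docker-compose.keycloak.yml` — so Compose rejects this file on its own with an undefined-service error. If the intent is that `c4po.sh` always passes both files together, a comment saying so would prevent a standalone `docker-compose -f frontend/docker-compose.frontend.yml up` from failing; otherwise drop the `depends_on` here and keep the dependency in the combined root `docker-compose.yml` only. As in the other compose files, `depends_on` only orders startup and does not wait for Keycloak to be ready.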
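Review bot: The renamed database service key `c4po-keycloak-postgress` (double `s`) no longer matches what `c4po-keycloak` depends on, `depends_on: - c4po-keycloak-postgres`, so Compose fails with an undefined-service error; the `container_name` on the next line already uses the single-`s` spelling, which is the one to keep for the key as well: `c4po-keycloak-postgres:`. The data mount was changed from `/var/lib/postgresql/data` to `/var/lib/postgres/data`, which is not where the official postgres image keeps its cluster, so the database is no longer persisted to `../volumes/keycloak/data`; revert to `- ../volumes/keycloak/data:/var/lib/postgresql/data`. Dropping the published `9990:9990` management port is a good reduction of exposed surface. `postgres:latest` remains unpinned (unchanged context) and is worth a tag.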
diff --git a/security-c4po-cfg/mongodb/.DS_Store b/security-c4po-cfg/mongodb/.DS_Store deleted file mode 100644 index 5086a816ce4d2351c5dd31383748b56d95ca5432..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6148 zcmeHKJx{|x41I&EUZrS+R@caQH3SAkHE!pqR z@w;o@5Z3@?z3Z-k6@VpO5$_u2rq9)9b`%*Q(s{-MUU7jI1D^g~0w{`hP9`G*--X{kUekP4&%sX!`lNCEA=wB?Co z##A5`NCmzX(C;AbM`mc^RH9QQMhtN}^CjwP z;OOXdh~3O{;%12nMeKIwi6j+I-z3)wV%!)$LEkrlfwHGU^p6C1iEB{Ays)tb-mxF#M?tSB{y|_G0#Q&;w{@0I_{j57Y zY`p%gi!#oNZqF2FX%{Kq53(ZF!;T&lY2VBf*?{NO>-EFN#%R=Tx0=Dn)`xL37;SCA zfB$ZCJg$4|Z`#|tN9UKnMpxtC*JdfC(724O3I2f_ICI4OjCw_`ixb4SZk5i_@CrJC zO)25FH$mGiGA3!8$$qY+%`9_S5ZUWOio5d>eK%LI~OD#C0L6LI?*+SaLCZBQ#I?MM~B)29&hMUaBsl zR7H5E1zG+-1GIN#5sOgdBK)*}o0waC)1nI*#zo!sjos&$=q63td9C&;OJn8niAl$) zR4UVz)8I;VgFMVT?MB!-rl@u6y&u{eNd7{dZ@gI1QR>=M2~{2-2z8DIvOfe~Q99&OIl2-LzQFaylM?=nE= zg9jz_Efxm#(Sbp?0KhWbT43v6f1pPWpl`7-2oFS>RG>+fw#AUPbC4z-^S+HQ44QNy z^_#JdeY3P3inNV~^mMq8zCj+D0cPMM1JwILs&xPF{@nlTARd?jW?(cKkma3Vr-9n+ z-TI|Ux@$e?Ih2Ir3WLKG82TzkEM3L(P%ZF#WB`4Og+X{A{3D=g;DH(VQwH7vBK=y+ diff --git a/security-c4po-cfg/volumes/keycloak/data/.DS_Store b/security-c4po-cfg/volumes/keycloak/data/.DS_Store deleted file mode 100644 index 5008ddfcf53c02e82d7eee2e57c38e5672ef89f6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6148 zcmeH~Jr2S!425mzP>H1@V-^m;4Wg<&0T*E43hX&L&p$$qDprKhvt+--jT7}7np#A3 zem<@ulZcFPQ@L2!n>{z**++&mCkOWA81W14cNZlEfg7;MkzE(HCqgga^y>{tEnwC%0;vJ&^%eQ zLs35+`xjp>T0S5ZUWOio5d>eK%LI~OD#C0L6LI?*+SaLCZBQ#I?MM~B)29&hMUaBsl zR7H5E1zG+-1GIN#5sOgdBK)*}o0waC)1nI*#zo!sjos&$=q63td9C&;OJn8niAl$) zR4UVz)8I;VgFMVT?MB!-rl@u6y&u{eNd7{dZ@gI1QR>=M2~{2-2z8DIvOfe~Q99&OIl2-LzQFaylM?=nE= zg9jz_Efxm#(Sbp?0KhWbT43v6f1pPWpl`7-2oFS>RG>+fw#AUPbC4z-^S+HQ44QNy z^_#JdeY3P3inNV~^mMq8zCj+D0cPMM1JwILs&xPF{@nlTARd?jW?(cKkma3Vr-9n+ z-TI|Ux@$e?Ih2Ir3WLKG82TzkEM3L(P%ZF#WB`4Og+X{A{3D=g;DH(VQwH7vBK=y+ 
diff --git a/security-c4po-cfg/volumes/mongodb/data/.DS_Store b/security-c4po-cfg/volumes/mongodb/data/.DS_Store deleted file mode 100644 index 5008ddfcf53c02e82d7eee2e57c38e5672ef89f6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6148 zcmeH~Jr2S!425mzP>H1@V-^m;4Wg<&0T*E43hX&L&p$$qDprKhvt+--jT7}7np#A3 zem<@ulZcFPQ@L2!n>{z**++&mCkOWA81W14cNZlEfg7;MkzE(HCqgga^y>{tEnwC%0;vJ&^%eQ zLs35+`xjp>T0