From 94f0a838b67476a219fb30ed4ba8668d2ee213e0 Mon Sep 17 00:00:00 2001
From: GayathriSrividya
Date: Tue, 28 Jan 2025 15:23:16 +0530
Subject: [PATCH] Keycloak upgrade fixes for v21.1.2
---
 .../learnbb/charts/keycloak/configs/env.yaml | 7 +-
 .../charts/keycloak/configs/realm.json | 8653 +++++++++--------
 .../learnbb/charts/keycloak/values.yaml | 6 +-
 3 files changed, 4662 insertions(+), 4004 deletions(-)
diff --git a/helmcharts/learnbb/charts/keycloak/configs/env.yaml b/helmcharts/learnbb/charts/keycloak/configs/env.yaml
index 6020f49..57fd289 100644
--- a/helmcharts/learnbb/charts/keycloak/configs/env.yaml
+++ b/helmcharts/learnbb/charts/keycloak/configs/env.yaml
@@ -12,4 +12,9 @@ DB_PORT: "{{ .Values.global.postgresql.port }}"
 JAVA_TOOL_OPTIONS: "-Dkeycloak.profile.feature.upload_scripts=enabled"
 PROXY_ADDRESS_FORWARDING: "true"
 KEYCLOAK_IMPORT: "/config/realm.json"
-sunbird_user_service_base_url: "{{ .Values.sunbird_user_service_base_url }}"
\ No newline at end of file
+sunbird_user_service_base_url: "{{ .Values.sunbird_user_service_base_url }}"
+KC_DB: "{{ .Values.keycloak_database_type }}"
+KC_DB_URL: "jdbc:postgresql://{{ .Values.global.postgresql.host }}:{{ .Values.global.postgresql.port }}/{{ .Values.keycloak_database_name }}?sslmode=disable"
+KC_DB_USERNAME: "{{ .Values.global.postgresql.postgresqlUsername }}"
+KC_DB_PASSWORD: "{{ .Values.global.postgresql.postgresqlPassword }}"
+KC_FEATURES: token-exchange,upload-scripts
\ No newline at end of file
diff --git a/helmcharts/learnbb/charts/keycloak/configs/realm.json b/helmcharts/learnbb/charts/keycloak/configs/realm.json
index 34bed5c..35a58cb 100644
--- a/helmcharts/learnbb/charts/keycloak/configs/realm.json
+++ b/helmcharts/learnbb/charts/keycloak/configs/realm.json
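Review bot: The added `KC_DB_URL` line in the env.yaml hunk hard-codes `?sslmode=disable`, so the Keycloak-to-PostgreSQL connection carries the database password and the realm's user and credential data without TLS. I would make the mode a chart value with a verifying default, for example `?sslmode={{ .Values.keycloak_database_sslmode | default "verify-full" }}` (the value name is a proposed new key, not one the chart already defines), and let environments without a server certificate opt down explicitly. `KC_DB_PASSWORD` is also rendered into this env file from `.Values.global.postgresql.postgresqlPassword`; if configs/env.yaml ends up in a ConfigMap rather than a Secret (not visible in this patch), the password is readable by anyone with ConfigMap read access in the namespace and should come from a Secret reference instead. Separately, `KC_FEATURES` enables `upload-scripts` next to `token-exchange`; as far as I know script upload through the admin interfaces was removed in a Keycloak release before 21.x, so it is worth confirming that 21.1.2 accepts that feature name and, if it does, that it is really needed.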
@@ -1,4165 +1,4818 @@ { - "id": "sunbird", - "realm": "sunbird", - "displayName": "sunbird", - "notBefore": 1548955037, - "revokeRefreshToken": false, - "refreshTokenMaxReuse": 0, - "accessTokenLifespan": 43200, - "accessTokenLifespanForImplicitFlow": 5184000, - "ssoSessionIdleTimeout": 86400, - "ssoSessionMaxLifespan": 86400, - "ssoSessionIdleTimeoutRememberMe": 0, - "ssoSessionMaxLifespanRememberMe": 0, - "offlineSessionIdleTimeout": 259200, - "offlineSessionMaxLifespanEnabled": false, - "offlineSessionMaxLifespan": 5184000, - "accessCodeLifespan": 1800, - "accessCodeLifespanUserAction": 1800, - "accessCodeLifespanLogin": 43200, - "actionTokenGeneratedByAdminLifespan": 43200, - "actionTokenGeneratedByUserLifespan": 300, - "enabled": true, - "sslRequired": "none", - "registrationAllowed": true, - "registrationEmailAsUsername": false, - "rememberMe": true, - "verifyEmail": false, - "loginWithEmailAllowed": true, - "duplicateEmailsAllowed": false, - "resetPasswordAllowed": true, - "editUsernameAllowed": false, - "bruteForceProtected": true, - "permanentLockout": false, - "maxFailureWaitSeconds": 900, - "minimumQuickLoginWaitSeconds": 60, - "waitIncrementSeconds": 86400, - "quickLoginCheckMilliSeconds": 1000, - "maxDeltaTimeSeconds": 43200, - "failureFactor": 10, - "roles": { - "realm": [ - { - "id": "7b955d7f-0a1e-4935-8391-642886d34612", - "name": "offline_access", - "description": "${role_offline-access}", + "id": "sunbird", + "realm": "sunbird", + "displayName": "sunbird", + "notBefore": 1548955037, + "revokeRefreshToken": false, + "refreshTokenMaxReuse": 0, + "accessTokenLifespan": 43200, + "accessTokenLifespanForImplicitFlow": 900, + "ssoSessionIdleTimeout": 86400, + "ssoSessionMaxLifespan": 86400, + "ssoSessionIdleTimeoutRememberMe": 0, + "ssoSessionMaxLifespanRememberMe": 0, + "offlineSessionIdleTimeout": 2592000, + "offlineSessionMaxLifespanEnabled": false, + "offlineSessionMaxLifespan": 5184000, + "clientSessionIdleTimeout": 0, + "clientSessionMaxLifespan": 
0, + "clientOfflineSessionIdleTimeout": 0, + "clientOfflineSessionMaxLifespan": 0, + "accessCodeLifespan": 1800, + "accessCodeLifespanUserAction": 1800, + "accessCodeLifespanLogin": 43200, + "actionTokenGeneratedByAdminLifespan": 43200, + "actionTokenGeneratedByUserLifespan": 300, + "oauth2DeviceCodeLifespan": 600, + "oauth2DevicePollingInterval": 5, + "enabled": true, + "sslRequired": "none", + "registrationAllowed": true, + "registrationEmailAsUsername": false, + "rememberMe": true, + "verifyEmail": false, + "loginWithEmailAllowed": true, + "duplicateEmailsAllowed": false, + "resetPasswordAllowed": true, + "editUsernameAllowed": false, + "bruteForceProtected": true, + "permanentLockout": false, + "maxFailureWaitSeconds": 900, + "minimumQuickLoginWaitSeconds": 60, + "waitIncrementSeconds": 86400, + "quickLoginCheckMilliSeconds": 1000, + "maxDeltaTimeSeconds": 43200, + "failureFactor": 10, + "roles": { + "realm": [ + { + "id": "fd2236b3-e015-4411-b4e1-cd0f8470d5d4", + "name": "default-roles-sunbird", + "description": "${role_default-roles-sunbird}", + "composite": true, + "composites": { + "realm": [ + "offline_access", + "uma_authorization" + ], + "client": { + "account": [ + "manage-account", + "view-profile" + ] + } + }, + "clientRole": false, + "containerId": "sunbird", + "attributes": {} + }, + { + "id": "7b955d7f-0a1e-4935-8391-642886d34612", + "name": "offline_access", + "description": "${role_offline-access}", + "composite": false, + "clientRole": false, + "containerId": "sunbird", + "attributes": {} + }, + { + "id": "d6e505fe-c3c5-4689-946e-7f69d3f64c6c", + "name": "admin", + "description": "role_admin", + "composite": true, + "composites": { + "realm": [ + "offline_access", + "uma_authorization" + ] + }, + "clientRole": false, + "containerId": "sunbird", + "attributes": {} + }, + { + "id": "96adf368-c8e2-4b39-b2a5-2559573edb63", + "name": "uma_authorization", + "description": "${role_uma_authorization}", + "composite": false, + "clientRole": false, + 
"containerId": "sunbird", + "attributes": {} + } + ], + "client": { + "direct-grant": [], + "nodebb": [], + "realm-management": [ + { + "id": "3f8bf7e5-5d66-4394-8f06-1270529c605f", + "name": "manage-authorization", + "description": "${role_manage-authorization}", "composite": false, - "clientRole": false, - "containerId": "sunbird", + "clientRole": true, + "containerId": "b2f45201-1362-4b10-83c3-207d470f44bf", "attributes": {} }, { - "id": "d6e505fe-c3c5-4689-946e-7f69d3f64c6c", - "name": "admin", - "description": "role_admin", - "composite": true, - "composites": { - "realm": [ - "offline_access", - "uma_authorization" - ] - }, - "clientRole": false, - "containerId": "sunbird", + "id": "601fa2c9-29d4-49c1-87ac-939a1260f6ce", + "name": "query-realms", + "description": "${role_query-realms}", + "composite": false, + "clientRole": true, + "containerId": "b2f45201-1362-4b10-83c3-207d470f44bf", "attributes": {} }, { - "id": "96adf368-c8e2-4b39-b2a5-2559573edb63", - "name": "uma_authorization", - "description": "${role_uma_authorization}", + "id": "9aa1dcd9-cb93-4496-af5f-41b9ecacc1da", + "name": "view-authorization", + "description": "${role_view-authorization}", "composite": false, - "clientRole": false, - "containerId": "sunbird", + "clientRole": true, + "containerId": "b2f45201-1362-4b10-83c3-207d470f44bf", "attributes": {} - } - ], - "client": { - "direct-grant": [], - "nodebb": [], - "realm-management": [ - { - "id": "3f8bf7e5-5d66-4394-8f06-1270529c605f", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "b2f45201-1362-4b10-83c3-207d470f44bf", - "attributes": {} - }, - { - "id": "601fa2c9-29d4-49c1-87ac-939a1260f6ce", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "b2f45201-1362-4b10-83c3-207d470f44bf", - "attributes": {} - }, - { - "id": "9aa1dcd9-cb93-4496-af5f-41b9ecacc1da", - "name": 
"view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "b2f45201-1362-4b10-83c3-207d470f44bf", - "attributes": {} - }, - { + }, + { "id": "98999987-faf5-4c4e-958a-e5463bc4edc6", "name": "manage-events", "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "b2f45201-1362-4b10-83c3-207d470f44bf", - "attributes": {} - }, - { + "composite": false, + "clientRole": true, + "containerId": "b2f45201-1362-4b10-83c3-207d470f44bf", + "attributes": {} + }, + { "id": "f898fca8-5361-49d5-900a-ebf5b775a939", "name": "impersonation", "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "b2f45201-1362-4b10-83c3-207d470f44bf", - "attributes": {} - }, - { - "id": "698dfeb0-b8d2-4240-b8a8-acd4b7a12ad3", - "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "b2f45201-1362-4b10-83c3-207d470f44bf", - "attributes": {} - }, - { - "id": "3ff462fc-b33c-431a-b54b-861c3298d910", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": true, - "containerId": "b2f45201-1362-4b10-83c3-207d470f44bf", - "attributes": {} - }, - { - "id": "be1802b1-558c-404c-bcb9-b9bf77af9788", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "b2f45201-1362-4b10-83c3-207d470f44bf", - "attributes": {} - }, - { - "id": "387b44e4-e901-4431-b9af-6abd9377ed46", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "b2f45201-1362-4b10-83c3-207d470f44bf", - "attributes": {} - }, - { - "id": "a408b6e8-03c9-46a2-97ba-305d09db0c3c", - "name": "view-events", - "description": "${role_view-events}", - "composite": false, - "clientRole": true, - "containerId": 
"b2f45201-1362-4b10-83c3-207d470f44bf", - "attributes": {} - }, - { - "id": "41c2f39a-3008-4f9d-9e1e-a7738c118570", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "b2f45201-1362-4b10-83c3-207d470f44bf", - "attributes": {} - }, - { - "id": "26d3289b-d2eb-4cf2-a501-f1e3fa07344c", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "b2f45201-1362-4b10-83c3-207d470f44bf", - "attributes": {} - }, - { - "id": "e2077ab0-6efb-450d-9cba-89cacd887b71", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "b2f45201-1362-4b10-83c3-207d470f44bf", - "attributes": {} - }, - { - "id": "46019462-3dc8-46a8-9786-ffcbad293f43", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-groups", - "query-users" - ] - } - }, - "clientRole": true, - "containerId": "b2f45201-1362-4b10-83c3-207d470f44bf", - "attributes": {} - }, - { - "id": "d269f220-e93f-4b43-96a1-9f2c117a2dfb", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-clients" - ] - } - }, - "clientRole": true, - "containerId": "b2f45201-1362-4b10-83c3-207d470f44bf", - "attributes": {} - }, - { - "id": "0c998f1b-7363-47fb-a493-4b6f4aacb0ba", - "name": "realm-admin", - "description": "${role_realm-admin}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "manage-authorization", - "query-realms", - "view-authorization", - "manage-events", - "impersonation", - "view-realm", - "manage-users", - "manage-identity-providers", - "query-clients", - "view-events", - "query-groups", - "manage-clients", - "create-client", - "view-users", - "view-clients", - "manage-realm", - 
"view-identity-providers", - "query-users" - ] - } - }, - "clientRole": true, - "containerId": "b2f45201-1362-4b10-83c3-207d470f44bf", - "attributes": {} - }, - { - "id": "d77bf5a5-5877-450b-b11e-5f874f410e10", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": "b2f45201-1362-4b10-83c3-207d470f44bf", - "attributes": {} - }, - { - "id": "d97009ed-d0c7-4afb-b9a3-6ee03ef01a74", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "b2f45201-1362-4b10-83c3-207d470f44bf", - "attributes": {} - }, - { - "id": "57118202-c5e5-4c49-829b-c2ed796bfdea", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "b2f45201-1362-4b10-83c3-207d470f44bf", - "attributes": {} - } - ], - "google-auth-desktop": [], - "security-admin-console": [], - "android": [], - "broker": [ - { - "id": "19ef58ac-2d90-40a4-a158-0e2f8893264a", - "name": "read-token", - "description": "${role_read-token}", - "composite": false, - "clientRole": true, - "containerId": "c3950efa-6684-44c2-b50a-c7b3d16df04b", - "attributes": {} - } - ], - "trampoline-android": [], - "desktop": [], - "lms": [ - { - "id": "058715c3-bda2-42f8-b217-d3c8ad10875b", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "manage-users" - ], - "lms": [ - "manage-users" - ] - } - }, - "clientRole": true, - "containerId": "f1e29715-91d7-4f2a-b11f-c10786f737e5", - "attributes": {} - }, - { - "id": "670b76e1-643b-449e-bd02-057eac587b32", - "name": "uma_protection", - "composite": false, - "clientRole": true, - "containerId": "f1e29715-91d7-4f2a-b11f-c10786f737e5", - "attributes": {} - } - ], - "trampoline-desktop": [], - "google-auth-android": [], - "admin-cli": [], - "trampoline": [], - "portal": [], - 
"account": [ - { - "id": "1fef7ac5-b042-462b-8298-0446044788b3", - "name": "manage-account", - "description": "${role_manage-account}", - "composite": true, - "composites": { - "client": { - "account": [ - "manage-account-links" - ] - } - }, - "clientRole": true, - "containerId": "c2d24d3f-65ca-46de-9cd8-3eeb71a7f83d", - "attributes": {} - }, - { - "id": "f8786348-6fa4-4b13-828e-9f080c9c6824", - "name": "manage-account-links", - "description": "${role_manage-account-links}", - "composite": false, - "clientRole": true, - "containerId": "c2d24d3f-65ca-46de-9cd8-3eeb71a7f83d", - "attributes": {} - }, - { - "id": "91c5c738-9c39-4c4d-bae8-75f18fd7c5e4", - "name": "view-profile", - "description": "${role_view-profile}", - "composite": false, - "clientRole": true, - "containerId": "c2d24d3f-65ca-46de-9cd8-3eeb71a7f83d", - "attributes": {} - } - ], - "google-auth": [] - } - }, - "groups": [], - "defaultRoles": [ - "offline_access", - "uma_authorization" - ], - "requiredCredentials": [ - "password" - ], - "passwordPolicy": "hashIterations(20000) and length and upperCase and specialChars and lowerCase and digits and passwordHistory(1)", - "otpPolicyType": "totp", - "otpPolicyAlgorithm": "HmacSHA1", - "otpPolicyInitialCounter": 0, - "otpPolicyDigits": 6, - "otpPolicyLookAheadWindow": 1, - "otpPolicyPeriod": 120, - "otpSupportedApplications": [ - "FreeOTP" - ], - "scopeMappings": [ - { - "clientScope": "offline_access", - "roles": [ - "offline_access" - ] - } - ], - "clients": [ - { - "id": "26320feb-8a5d-49e4-80c5-20eb7428a11e", - "clientId": "nodebb", - "rootUrl": "https://{{ .Values.global.domain }}/discussions", - "adminUrl": "https://{{ .Values.global.domain }}/discussions", - "baseUrl": "/", - "surrogateAuthRequired": false, - "enabled": true, - "clientAuthenticatorType": "client-secret", - "secret": "{{ .Values.nodebb_client_secret }}{{ .Values.global.random_string }}", - "redirectUris": [ - "https://{{ .Values.global.domain }}/auth/fusionauth-oidc/callback", - 
"https://{{ .Values.global.domain }}/discussions/*", - "https://{{ .Values.global.domain }}/discussions/auth/fusionauth-oidc/callback" - ], - "webOrigins": [ - "https://{{ .Values.global.domain }}" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "saml.multivalued.roles": "false", - "saml.force.post.binding": "false", - "saml.encrypt": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "saml.authnstatement": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "ccaa12e5-c02d-43d6-be17-a9589058a59a", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" + "composite": false, + "clientRole": true, + "containerId": "b2f45201-1362-4b10-83c3-207d470f44bf", + "attributes": {} + }, + { + "id": "065fcda4-17c2-47eb-9c1d-b954b7e2176a", + "name": "uma_protection", + "composite": false, + "clientRole": true, + "containerId": "b2f45201-1362-4b10-83c3-207d470f44bf", + "attributes": {} + }, + { + "id": "3ff462fc-b33c-431a-b54b-861c3298d910", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": false, + "clientRole": true, + "containerId": "b2f45201-1362-4b10-83c3-207d470f44bf", + "attributes": {} + }, + { + "id": 
"698dfeb0-b8d2-4240-b8a8-acd4b7a12ad3", + "name": "view-realm", + "description": "${role_view-realm}", + "composite": false, + "clientRole": true, + "containerId": "b2f45201-1362-4b10-83c3-207d470f44bf", + "attributes": {} + }, + { + "id": "be1802b1-558c-404c-bcb9-b9bf77af9788", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "b2f45201-1362-4b10-83c3-207d470f44bf", + "attributes": {} + }, + { + "id": "387b44e4-e901-4431-b9af-6abd9377ed46", + "name": "query-clients", + "description": "${role_query-clients}", + "composite": false, + "clientRole": true, + "containerId": "b2f45201-1362-4b10-83c3-207d470f44bf", + "attributes": {} + }, + { + "id": "a408b6e8-03c9-46a2-97ba-305d09db0c3c", + "name": "view-events", + "description": "${role_view-events}", + "composite": false, + "clientRole": true, + "containerId": "b2f45201-1362-4b10-83c3-207d470f44bf", + "attributes": {} + }, + { + "id": "41c2f39a-3008-4f9d-9e1e-a7738c118570", + "name": "query-groups", + "description": "${role_query-groups}", + "composite": false, + "clientRole": true, + "containerId": "b2f45201-1362-4b10-83c3-207d470f44bf", + "attributes": {} + }, + { + "id": "26d3289b-d2eb-4cf2-a501-f1e3fa07344c", + "name": "manage-clients", + "description": "${role_manage-clients}", + "composite": false, + "clientRole": true, + "containerId": "b2f45201-1362-4b10-83c3-207d470f44bf", + "attributes": {} + }, + { + "id": "e2077ab0-6efb-450d-9cba-89cacd887b71", + "name": "create-client", + "description": "${role_create-client}", + "composite": false, + "clientRole": true, + "containerId": "b2f45201-1362-4b10-83c3-207d470f44bf", + "attributes": {} + }, + { + "id": "d269f220-e93f-4b43-96a1-9f2c117a2dfb", + "name": "view-clients", + "description": "${role_view-clients}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-clients" + ] } }, - { - "id": "beecffc2-7cee-46d2-95bf-4fe6d9083c8b", 
- "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" + "clientRole": true, + "containerId": "b2f45201-1362-4b10-83c3-207d470f44bf", + "attributes": {} + }, + { + "id": "46019462-3dc8-46a8-9786-ffcbad293f43", + "name": "view-users", + "description": "${role_view-users}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-groups", + "query-users" + ] } }, - { - "id": "ae5ab74e-4e43-4e5f-9ed3-7cc9b5420247", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true" + "clientRole": true, + "containerId": "b2f45201-1362-4b10-83c3-207d470f44bf", + "attributes": {} + }, + { + "id": "d77bf5a5-5877-450b-b11e-5f874f410e10", + "name": "manage-realm", + "description": "${role_manage-realm}", + "composite": false, + "clientRole": true, + "containerId": "b2f45201-1362-4b10-83c3-207d470f44bf", + "attributes": {} + }, + { + "id": "0c998f1b-7363-47fb-a493-4b6f4aacb0ba", + "name": "realm-admin", + "description": "${role_realm-admin}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "manage-authorization", + "query-realms", + "view-authorization", + "manage-events", + "impersonation", + "view-realm", + "manage-users", + "manage-identity-providers", + "query-clients", + "view-events", + "query-groups", + "manage-clients", + "create-client", + "view-users", + "view-clients", + "manage-realm", + "view-identity-providers", + "query-users" + ] } }, - { - "id": "9dd1607d-5fc2-4d13-9ec7-4a08d9139217", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - 
"consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" + "clientRole": true, + "containerId": "b2f45201-1362-4b10-83c3-207d470f44bf", + "attributes": {} + }, + { + "id": "57118202-c5e5-4c49-829b-c2ed796bfdea", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, + "clientRole": true, + "containerId": "b2f45201-1362-4b10-83c3-207d470f44bf", + "attributes": {} + }, + { + "id": "d97009ed-d0c7-4afb-b9a3-6ee03ef01a74", + "name": "view-identity-providers", + "description": "${role_view-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "b2f45201-1362-4b10-83c3-207d470f44bf", + "attributes": {} + } + ], + "google-auth-desktop": [], + "security-admin-console": [], + "android": [], + "account-console": [], + "broker": [ + { + "id": "19ef58ac-2d90-40a4-a158-0e2f8893264a", + "name": "read-token", + "description": "${role_read-token}", + "composite": false, + "clientRole": true, + "containerId": "c3950efa-6684-44c2-b50a-c7b3d16df04b", + "attributes": {} + } + ], + "trampoline-android": [], + "desktop": [], + "lms": [ + { + "id": "058715c3-bda2-42f8-b217-d3c8ad10875b", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "manage-users" + ], + "lms": [ + "manage-users" + ] } }, - { - "id": "bc5fee3f-ee82-4a34-bfdb-7be32445b7e6", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" + "clientRole": true, + "containerId": "f1e29715-91d7-4f2a-b11f-c10786f737e5", + "attributes": {} + }, + { + "id": "670b76e1-643b-449e-bd02-057eac587b32", + "name": "uma_protection", + "composite": 
false, + "clientRole": true, + "containerId": "f1e29715-91d7-4f2a-b11f-c10786f737e5", + "attributes": {} + } + ], + "trampoline-desktop": [], + "google-auth-android": [], + "admin-cli": [], + "trampoline": [], + "portal": [], + "account": [ + { + "id": "1fef7ac5-b042-462b-8298-0446044788b3", + "name": "manage-account", + "description": "${role_manage-account}", + "composite": true, + "composites": { + "client": { + "account": [ + "manage-account-links" + ] } }, - { - "id": "224ab538-bc07-41a0-8dfd-20327e475aa5", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" + "clientRole": true, + "containerId": "c2d24d3f-65ca-46de-9cd8-3eeb71a7f83d", + "attributes": {} + }, + { + "id": "f8786348-6fa4-4b13-828e-9f080c9c6824", + "name": "manage-account-links", + "description": "${role_manage-account-links}", + "composite": false, + "clientRole": true, + "containerId": "c2d24d3f-65ca-46de-9cd8-3eeb71a7f83d", + "attributes": {} + }, + { + "id": "ce24873f-db22-4b71-88c0-4a68954e4306", + "name": "view-consent", + "description": "${role_view-consent}", + "composite": false, + "clientRole": true, + "containerId": "c2d24d3f-65ca-46de-9cd8-3eeb71a7f83d", + "attributes": {} + }, + { + "id": "91c5c738-9c39-4c4d-bae8-75f18fd7c5e4", + "name": "view-profile", + "description": "${role_view-profile}", + "composite": false, + "clientRole": true, + "containerId": "c2d24d3f-65ca-46de-9cd8-3eeb71a7f83d", + "attributes": {} + }, + { + "id": "e33c3587-50ca-4dcc-8c31-ca49fe573b7b", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "c2d24d3f-65ca-46de-9cd8-3eeb71a7f83d", + "attributes": {} + }, + { + "id": 
"49bf3004-97c7-49aa-9bb5-8df38fe1ca51", + "name": "delete-account", + "description": "${role_delete-account}", + "composite": false, + "clientRole": true, + "containerId": "c2d24d3f-65ca-46de-9cd8-3eeb71a7f83d", + "attributes": {} + }, + { + "id": "a06d2620-5b9e-4a2b-a629-9196e0d297eb", + "name": "manage-consent", + "description": "${role_manage-consent}", + "composite": true, + "composites": { + "client": { + "account": [ + "view-consent" + ] } - } + }, + "clientRole": true, + "containerId": "c2d24d3f-65ca-46de-9cd8-3eeb71a7f83d", + "attributes": {} + }, + { + "id": "745d7545-5d66-4402-b773-fa0e5b3eb16a", + "name": "view-applications", + "description": "${role_view-applications}", + "composite": false, + "clientRole": true, + "containerId": "c2d24d3f-65ca-46de-9cd8-3eeb71a7f83d", + "attributes": {} + } + ], + "google-auth": [] + } + }, + "groups": [], + "defaultRole": { + "id": "fd2236b3-e015-4411-b4e1-cd0f8470d5d4", + "name": "default-roles-sunbird", + "description": "${role_default-roles-sunbird}", + "composite": true, + "clientRole": false, + "containerId": "sunbird" + }, + "requiredCredentials": [ + "password" + ], + "passwordPolicy": "length and upperCase and specialChars and lowerCase and digits and passwordHistory(1)", + "otpPolicyType": "totp", + "otpPolicyAlgorithm": "HmacSHA1", + "otpPolicyInitialCounter": 0, + "otpPolicyDigits": 6, + "otpPolicyLookAheadWindow": 1, + "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, + "otpSupportedApplications": [ + "totpAppFreeOTPName", + "totpAppMicrosoftAuthenticatorName", + "totpAppGoogleName" + ], + "webAuthnPolicyRpEntityName": "keycloak", + "webAuthnPolicySignatureAlgorithms": [ + "ES256" + ], + "webAuthnPolicyRpId": "", + "webAuthnPolicyAttestationConveyancePreference": "not specified", + "webAuthnPolicyAuthenticatorAttachment": "not specified", + "webAuthnPolicyRequireResidentKey": "not specified", + "webAuthnPolicyUserVerificationRequirement": "not specified", + "webAuthnPolicyCreateTimeout": 0, + 
"webAuthnPolicyAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyAcceptableAaguids": [], + "webAuthnPolicyPasswordlessRpEntityName": "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms": [ + "ES256" + ], + "webAuthnPolicyPasswordlessRpId": "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", + "webAuthnPolicyPasswordlessCreateTimeout": 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyPasswordlessAcceptableAaguids": [], + "users": [ + { + "id": "0f6d9d46-ec66-4664-81a7-deb1582ede95", + "createdTimestamp": 1722407316804, + "username": "service-account-lms", + "enabled": true, + "totp": false, + "emailVerified": false, + "email": "service-account-lms@placeholder.org", + "serviceAccountClientId": "lms", + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "offline_access", + "admin", + "uma_authorization" + ], + "clientRoles": { + "lms": [ + "manage-users", + "uma_protection" ], - "defaultClientScopes": [ - "web-origins", - "roles" + "account": [ + "manage-account", + "view-profile" + ] + }, + "notBefore": 0, + "groups": [] + }, + { + "id": "c40aedf6-63d6-4529-9d7e-4718c7fd7a24", + "createdTimestamp": 1722407316732, + "username": "service-account-realm-management", + "enabled": true, + "totp": false, + "emailVerified": false, + "email": "service-account-realm-management@placeholder.org", + "serviceAccountClientId": "realm-management", + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "offline_access", + "uma_authorization" + ], + "clientRoles": { + "realm-management": [ + "uma_protection" ], - "optionalClientScopes": [ - "offline_access", - "microprofile-jwt" + "account": [ + "manage-account", + "view-profile" ] }, 
+ "notBefore": 0, + "groups": [] + } + ], + "scopeMappings": [ + { + "clientScope": "offline_access", + "roles": [ + "offline_access" + ] + } + ], + "clientScopeMappings": { + "account": [ { - "id": "9a901d18-377b-4615-9b89-677b544be3c5", - "clientId": "trampoline", - "rootUrl": "https://{{ .Values.global.domain }}", - "adminUrl": "", - "baseUrl": "/", - "surrogateAuthRequired": false, - "enabled": true, - "clientAuthenticatorType": "client-secret", - "secret": "{{ .Values.trampoline_client_secret }}{{ .Values.global.random_string }}", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "saml.multivalued.roles": "false", - "saml.force.post.binding": "false", - "saml.encrypt": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "saml.authnstatement": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "12134027-94cc-401c-bbf6-be565078ddfb", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - }, - { - "id": "6a956bf1-6c40-4549-b335-9fe8c788b18f", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - 
"access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": "d32ba1d4-3fef-42ff-aa2b-98cb4bfef6f9", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "9e899fc7-1ddd-447d-810c-d91333d6621c", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "id": "74e4d13f-bd02-4f17-bbbc-d4b79bab1971", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - }, - { - "id": "48fe23c2-a6fb-4c5e-8930-28ad1913829a", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles" - ], - "optionalClientScopes": [ - "offline_access", - "microprofile-jwt" + "client": "account-console", + "roles": [ + "manage-account", + "view-groups" ] + } + ] + }, + "clients": [ + { + "id": "c2d24d3f-65ca-46de-9cd8-3eeb71a7f83d", + "clientId": "account", + "name": "${client_account}", + "rootUrl": "${authBaseUrl}", + "baseUrl": 
"/realms/sunbird/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "", + "redirectUris": [ + "/realms/sunbird/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+" }, - { - "id": "da893beb-6ac7-420d-b51b-f05dadf56bbc", - "clientId": "android", - "rootUrl": "https://{{ .Values.global.domain }}", - "baseUrl": "/", - "surrogateAuthRequired": false, - "enabled": true, - "clientAuthenticatorType": "client-secret", - "secret": "{{ .Values.android_client_secret }}{{ .Values.global.random_string }}", - "redirectUris": [ - "https://{{ .Values.global.domain }}/oauth2callback", - "{{ .Values.global.env }}.sunbird.app://mobile" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "saml.multivalued.roles": "false", - "saml.force.post.binding": "false", - "saml.encrypt": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "saml.authnstatement": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "ff7dac46-16b4-4ab6-a054-dd03d5411fa9", - "name": "role list", - "protocol": "saml", 
- "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - }, - { - "id": "32fad9c0-0dfe-45b2-94a1-3e2f74d756ec", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": "4fb4d644-c609-4a27-a407-d451bcd83e16", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "id": "84e7c6e5-1afb-44d8-b507-1ed31fa0f351", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - }, - { - "id": "e7ca189f-94de-4996-a192-e93ba960bbba", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "16bedb3b-7571-4106-9a47-66151915ac31", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - 
"claim.name": "preferred_username", - "jsonType.label": "String" - } + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "a64118ab-33c8-4060-9f3e-3ed817ba8e0d", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" } - ], - "defaultClientScopes": [ - "web-origins", - "roles" - ], - "optionalClientScopes": [ - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "4e8f751d-5caa-489f-a281-636b56576cee", - "clientId": "google-auth-desktop", - "rootUrl": "https://{{ .Values.global.domain }}", - "adminUrl": "", - "baseUrl": "/", - "surrogateAuthRequired": false, - "enabled": true, - "clientAuthenticatorType": "client-secret", - "secret": "{{ .Values.google_auth_desktop_client_secret }}{{ .Values.global.random_string }}", - "redirectUris": [ - "https://{{ .Values.global.domain }}/*" - ], - "webOrigins": [ - "https://{{ .Values.global.domain }}" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "saml.multivalued.roles": "false", - "saml.force.post.binding": "false", - "saml.encrypt": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "saml.authnstatement": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "d63f24fa-6ea0-4445-89db-18cbeb06f24a", - "name": 
"role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - }, - { - "id": "c2ab9976-561e-4ba0-8599-e573e6abafe3", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - }, - { - "id": "f06b6720-9ee5-42b3-8ba1-ad232f622570", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "id": "10dce5cc-503e-4dff-9f07-f1c534956747", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": "8c97679c-aa11-4794-a157-5e08bb315033", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true" - } - }, - { - "id": "66405b47-d570-414f-bbfb-5f9bdbcc6132", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - 
"claim.name": "preferred_username", - "jsonType.label": "String" - } + }, + { + "id": "1f4a0c5e-7c8a-4693-8be5-14681b243868", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" } - ], - "defaultClientScopes": [ - "web-origins", - "roles" - ], - "optionalClientScopes": [ - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "21529800-33dd-11eb-adc1-0242ac120002", - "clientId": "desktop", - "rootUrl": "https://{{ .Values.global.domain }}", - "adminUrl": "https://{{ .Values.global.domain }}", - "baseUrl": "/", - "surrogateAuthRequired": false, - "enabled": true, - "clientAuthenticatorType": "client-secret", - "secret": "{{ .Values.desktop_cleint_secret }}{{ .Values.global.random_string }}", - "redirectUris": [ - "https://{{ .Values.global.domain }}/oauth2callback" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "saml.multivalued.roles": "false", - "saml.force.post.binding": "false", - "saml.encrypt": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "saml.authnstatement": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "f9d3b3b4-b2f7-44dd-9a88-3c3e84498af4", - "name": "Client Host", - 
"protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "21529a26-33dd-11eb-adc1-0242ac120002", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - }, - { - "id": "2152a052-33dd-11eb-adc1-0242ac120002", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "id": "005d98d7-be8b-4847-8616-12ec41a05382", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "21529c10-33dd-11eb-adc1-0242ac120002", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "id": "21529ce2-33dd-11eb-adc1-0242ac120002", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - 
"user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - }, - { - "id": "21529b2a-33dd-11eb-adc1-0242ac120002", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": "b6432e79-2303-43a5-bc9b-a848aef35789", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "21529daa-33dd-11eb-adc1-0242ac120002", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } + }, + { + "id": "8d88a133-a399-4e75-b051-5b0d4ae850ab", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" } - ], - "defaultClientScopes": [ - "web-origins", - "roles" - ], - "optionalClientScopes": [ - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "b2f45201-1362-4b10-83c3-207d470f44bf", - "clientId": "realm-management", - "name": "${client_realm-management}", - "surrogateAuthRequired": false, - "enabled": true, - "clientAuthenticatorType": "client-secret", - "secret": "", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - 
"standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "authorizationServicesEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "71605238-bf41-400e-8c03-a5d78f54b00b", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - }, - { - "id": "a0cb6f3a-30ef-4475-b73f-ca6c2f1f3675", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "id": "3a7708b1-63b9-4116-af7f-969fc1bf61a4", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - }, - { - "id": "c393d7b7-fa22-4e90-9ad7-07d520632c20", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "id": "e77aae69-8ea4-4ee4-bcd6-ba7ef3958c02", - "name": "full name", - "protocol": "openid-connect", - 
"protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "2d8cbac4-e4dd-4fa6-bf71-98adf826b9dd", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } + }, + { + "id": "45593258-916c-4158-8577-d9806c16415a", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + }, + { + "id": "027be48e-b7dc-4c3a-a648-414a466b67dd", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "c93937f9-0446-4be9-8b47-3c6de857497e", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" } - ], - "defaultClientScopes": [], - "optionalClientScopes": [], - "authorizationSettings": { - "allowRemoteResourceManagement": false, - "policyEnforcementMode": "ENFORCING", - "resources": [ - { - "name": 
"role.resource.d6e505fe-c3c5-4689-946e-7f69d3f64c6c", - "type": "Role", - "ownerManagedAccess": false, - "attributes": {}, - "_id": "88e477b6-2f34-40cb-8762-89ba9a1d66eb", - "uris": [], - "scopes": [ - { - "name": "map-role-composite" - }, - { - "name": "map-role-client-scope" - }, - { - "name": "map-role" - } - ] - }, - { - "name": "client.resource.8c12290d-d62f-48ce-913b-c93bf995ca59", - "type": "Client", - "ownerManagedAccess": false, - "attributes": {}, - "_id": "78be7d45-828c-46ce-b8ee-bbc7d654eda6", - "uris": [], - "scopes": [ - { - "name": "view" - }, - { - "name": "map-roles-client-scope" - }, - { - "name": "configure" - }, - { - "name": "map-roles" - }, - { - "name": "manage" - }, - { - "name": "map-roles-composite" - } - ] - } - ], - "policies": [ - { - "id": "f50ba18c-aa7c-4925-8225-38610d77066a", - "name": "map-role.permission.d6e505fe-c3c5-4689-946e-7f69d3f64c6c", - "type": "scope", - "logic": "POSITIVE", - "decisionStrategy": "AFFIRMATIVE", - "config": { - "resources": "[\"role.resource.d6e505fe-c3c5-4689-946e-7f69d3f64c6c\"]", - "scopes": "[\"map-role\"]" - } - }, - { - "id": "735e8e6f-feaa-4865-be21-3c463f058b9e", - "name": "map-role-client-scope.permission.d6e505fe-c3c5-4689-946e-7f69d3f64c6c", - "type": "scope", - "logic": "POSITIVE", - "decisionStrategy": "AFFIRMATIVE", - "config": { - "resources": "[\"role.resource.d6e505fe-c3c5-4689-946e-7f69d3f64c6c\"]", - "scopes": "[\"map-role-client-scope\"]" - } - }, - { - "id": "7b1400f7-28fa-46b0-ac62-5029208bf5cd", - "name": "map-role-composite.permission.d6e505fe-c3c5-4689-946e-7f69d3f64c6c", - "type": "scope", - "logic": "POSITIVE", - "decisionStrategy": "AFFIRMATIVE", - "config": { - "resources": "[\"role.resource.d6e505fe-c3c5-4689-946e-7f69d3f64c6c\"]", - "scopes": "[\"map-role-composite\"]" - } - }, - { - "id": "280a230c-2c62-4f15-b6c1-c60ccbaebb49", - "name": "manage.permission.client.8c12290d-d62f-48ce-913b-c93bf995ca59", - "type": "scope", - "logic": "POSITIVE", - "decisionStrategy": 
"UNANIMOUS", - "config": { - "resources": "[\"client.resource.8c12290d-d62f-48ce-913b-c93bf995ca59\"]", - "scopes": "[\"manage\"]" - } - }, - { - "id": "05accf91-18b6-4473-8797-97270784d7f0", - "name": "configure.permission.client.8c12290d-d62f-48ce-913b-c93bf995ca59", - "type": "scope", - "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", - "config": { - "resources": "[\"client.resource.8c12290d-d62f-48ce-913b-c93bf995ca59\"]", - "scopes": "[\"configure\"]" - } - }, - { - "id": "d6c34ee5-3513-4779-b866-969c3b239a86", - "name": "view.permission.client.8c12290d-d62f-48ce-913b-c93bf995ca59", - "type": "scope", - "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", - "config": { - "resources": "[\"client.resource.8c12290d-d62f-48ce-913b-c93bf995ca59\"]", - "scopes": "[\"view\"]" - } - }, - { - "id": "2d078a8f-3b8d-49bf-8777-1ec008750f5d", - "name": "map-roles.permission.client.8c12290d-d62f-48ce-913b-c93bf995ca59", - "type": "scope", - "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", - "config": { - "resources": "[\"client.resource.8c12290d-d62f-48ce-913b-c93bf995ca59\"]", - "scopes": "[\"map-roles\"]" - } - }, - { - "id": "4094a5e8-5344-404a-b7fc-105a9449665c", - "name": "map-roles-client-scope.permission.client.8c12290d-d62f-48ce-913b-c93bf995ca59", - "type": "scope", - "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", - "config": { - "resources": "[\"client.resource.8c12290d-d62f-48ce-913b-c93bf995ca59\"]", - "scopes": "[\"map-roles-client-scope\"]" - } - }, - { - "id": "dbd7f47f-47bf-4040-ab10-8d34ff02810c", - "name": "map-roles-composite.permission.client.8c12290d-d62f-48ce-913b-c93bf995ca59", - "type": "scope", - "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", - "config": { - "resources": "[\"client.resource.8c12290d-d62f-48ce-913b-c93bf995ca59\"]", - "scopes": "[\"map-roles-composite\"]" - } - } - ], - "scopes": [ - { - "id": "8cbcc54b-e113-4b3b-afdd-2b1c0ce53a72", - "name": "map-role" - }, - { - "id": 
"74001b3e-c52e-40e0-9ad1-dfcaa7c068b1", - "name": "map-role-client-scope" - }, - { - "id": "d5f2f548-4856-4191-b196-1901d79a1376", - "name": "map-role-composite" - }, - { - "id": "1dbc819e-8612-478e-b0da-e8573954b60e", - "name": "manage" - }, - { - "id": "e7067636-4620-480c-afb4-efe104a6ad69", - "name": "view" - }, - { - "id": "60f9a211-96d0-4ab7-b0c2-d4f0214d717c", - "name": "map-roles" - }, - { - "id": "56022a9b-33cd-4b2b-90c6-5a4aa1302dcd", - "name": "map-roles-client-scope" - }, - { - "id": "73b840d5-e62b-46a6-aee4-9891be59d723", - "name": "map-roles-composite" - }, - { - "id": "9daa40c7-bbba-49a3-bc96-e1ef93bb48d2", - "name": "configure" - } - ], - "decisionStrategy": "UNANIMOUS" } + ], + "defaultClientScopes": [ + "web-origins", + "roles" + ], + "optionalClientScopes": [ + "microprofile-jwt" + ] + }, + { + "id": "4c1b0eb2-d5ea-47a7-87d6-6f1bfdcfaab5", + "clientId": "account-console", + "name": "${client_account-console}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/sunbird/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/realms/sunbird/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "pkce.code.challenge.method": "S256" }, - { - "id": "79e661df-66d6-4020-b5b0-57ec229db534", - "clientId": "admin-cli", - "name": "${client_admin-cli}", - "surrogateAuthRequired": false, - "enabled": false, - "clientAuthenticatorType": "client-secret", - "secret": "", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - 
"directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "saml.multivalued.roles": "false", - "saml.force.post.binding": "false", - "saml.encrypt": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "saml.authnstatement": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "8a48e88a-2512-4f7f-98ca-12b089e558ec", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - }, - { - "id": "6486f986-af84-45b9-acab-0af181f82b25", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true" - } - }, - { - "id": "76a95ad8-a613-44f5-ae05-1a44a3bde639", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - }, - { - "id": "30cb61be-772a-4589-b381-e2080c74cfcf", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": 
"String" - } - }, - { - "id": "af80ae44-1e32-46a2-8784-14261c92b80e", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "id": "90d13750-e6cc-439e-9e7e-7483ce90eb1b", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "roles" - ], - "optionalClientScopes": [ - "microprofile-jwt" - ] + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "5472a6a3-e330-43d2-8175-4bad6e651449", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + } + ], + "defaultClientScopes": [], + "optionalClientScopes": [] + }, + { + "id": "79e661df-66d6-4020-b5b0-57ec229db534", + "clientId": "admin-cli", + "name": "${client_admin-cli}", + "surrogateAuthRequired": false, + "enabled": false, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "saml.assertion.signature": "false", + 
"saml.multivalued.roles": "false", + "saml.force.post.binding": "false", + "saml.encrypt": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "saml.authnstatement": "false", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "saml.onetimeuse.condition": "false" }, - { - "id": "8c12290d-d62f-48ce-913b-c93bf995ca59", - "clientId": "portal", - "rootUrl": "https://{{ .Values.global.domain }}", - "adminUrl": "/oauth2callback", - "baseUrl": "/", - "surrogateAuthRequired": false, - "enabled": true, - "clientAuthenticatorType": "client-secret", - "secret": "", - "redirectUris": [ - "https://{{ .Values.global.domain }}/private/*", - "https://{{ .Values.global.domain }}/*", - "https://{{ .Values.global.domain }}/" - ], - "webOrigins": [ - "" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "saml.multivalued.roles": "false", - "saml.force.post.binding": "false", - "saml.encrypt": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "exclude.session.state.from.auth.response": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "63071ff2-a5e5-4d38-b534-a9f25a075403", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - 
"id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "9bf9cad5-dbce-41e9-aa36-d84cc5a768a2", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "id": "238e55b7-6545-467e-856b-f95477afe1ff", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - }, - { - "id": "edb1ff4e-b452-46bc-8c3b-d6075f6ee579", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": "7a0118e2-57ff-4d23-bf74-cbfe1f545d1d", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "id": "b59a913e-118a-4dc4-a8d7-66c44ced5345", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } + "authenticationFlowBindingOverrides": 
{}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "8a48e88a-2512-4f7f-98ca-12b089e558ec", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" } - ], - "defaultClientScopes": [ - "web-origins", - "roles" - ], - "optionalClientScopes": [ - "offline_access", - "microprofile-jwt" - ] + }, + { + "id": "6486f986-af84-45b9-acab-0af181f82b25", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": "76a95ad8-a613-44f5-ae05-1a44a3bde639", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + }, + { + "id": "30cb61be-772a-4589-b381-e2080c74cfcf", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "id": "af80ae44-1e32-46a2-8784-14261c92b80e", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": 
"90d13750-e6cc-439e-9e7e-7483ce90eb1b", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "roles" + ], + "optionalClientScopes": [ + "microprofile-jwt" + ] + }, + { + "id": "da893beb-6ac7-420d-b51b-f05dadf56bbc", + "clientId": "android", + "rootUrl": "https://{{ .Values.global.domain }}", + "baseUrl": "/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "{{ .Values.android_client_secret }}{{ .Values.global.random_string }}", + "redirectUris": [ + "https://{{ .Values.global.domain }}/oauth2callback", + "{{ .Values.global.env }}.sunbird.app://mobile" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "saml.assertion.signature": "false", + "saml.multivalued.roles": "false", + "saml.force.post.binding": "false", + "saml.encrypt": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "saml.authnstatement": "false", + "post.logout.redirect.uris": "+", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "saml.onetimeuse.condition": "false" }, - { - "id": "349dad8b-6e03-4f22-8368-50a43ba08f6f", - "clientId": "google-auth-android", - "rootUrl": "https://{{ .Values.global.domain }}", - "adminUrl": "", - "baseUrl": "/", - "surrogateAuthRequired": false, - "enabled": true, - 
"clientAuthenticatorType": "client-secret", - "secret": "{{ .Values.google_android_client_secret }}{{ .Values.global.random_string }}", - "redirectUris": [ - "https://{{ .Values.global.domain }}/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "saml.multivalued.roles": "false", - "saml.force.post.binding": "false", - "saml.encrypt": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "saml.authnstatement": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "0f977731-0434-4b22-92e9-71b5c89c1c38", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "id": "5675d8c8-771a-4fa2-9278-7239c007c22b", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": "22f8b83d-f207-4d2b-8884-8fe8d73e0f88", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - 
"consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - }, - { - "id": "e3334f7a-a4cc-4922-bd54-a69a59a53908", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "df970ff2-5097-4657-943a-d1ff20a9ca68", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "id": "4ecd9267-5bf0-4eea-91d4-ee2ad9cf5f69", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "ff7dac46-16b4-4ab6-a054-dd03d5411fa9", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" } - ], - "defaultClientScopes": [ - "web-origins", - "roles" - ], - "optionalClientScopes": [ - "offline_access", - "microprofile-jwt" - ] + }, + { + "id": "32fad9c0-0dfe-45b2-94a1-3e2f74d756ec", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + 
"user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "4fb4d644-c609-4a27-a407-d451bcd83e16", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "84e7c6e5-1afb-44d8-b507-1ed31fa0f351", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + }, + { + "id": "e7ca189f-94de-4996-a192-e93ba960bbba", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": "16bedb3b-7571-4106-9a47-66151915ac31", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "roles" + ], + "optionalClientScopes": [ + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "c3950efa-6684-44c2-b50a-c7b3d16df04b", + "clientId": "broker", + "name": "${client_broker}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + 
"clientAuthenticatorType": "client-secret", + "secret": "", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "54c3bbc3-850b-4636-82d1-ed4f3a46a00a", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "id": "0f0d9b74-c476-4981-a783-dd4bdbe041ec", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + }, + { + "id": "d6f625cc-eac1-49d0-bea5-17e6f9d3860c", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "bbf35056-9bbe-49a0-aefc-2bde2379ccdc", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + 
"jsonType.label": "String" + } + }, + { + "id": "38b04951-1043-4dc6-9504-7b0f31ed71a4", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + }, + { + "id": "88bb836b-7feb-45eb-b004-fb3be8436908", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "roles" + ], + "optionalClientScopes": [ + "microprofile-jwt" + ] + }, + { + "id": "21529800-33dd-11eb-adc1-0242ac120002", + "clientId": "desktop", + "rootUrl": "https://{{ .Values.global.domain }}", + "adminUrl": "https://{{ .Values.global.domain }}", + "baseUrl": "/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "{{ .Values.desktop_client_secret }}{{ .Values.global.random_string }}", + "redirectUris": [ + "https://{{ .Values.global.domain }}/oauth2callback" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "saml.assertion.signature": "false", + "saml.multivalued.roles": "false", + "saml.force.post.binding": "false", + "saml.encrypt": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "saml.authnstatement": "false", + "post.logout.redirect.uris": "+", + "saml.server.signature": "false", + 
"saml.server.signature.keyinfo.ext": "false", + "saml.onetimeuse.condition": "false" }, - { - "id": "f1e29715-91d7-4f2a-b11f-c10786f737e5", - "clientId": "lms", - "rootUrl": "https://{{ .Values.global.domain }}", - "adminUrl": "https://{{ .Values.global.domain }}", - "baseUrl": "/", - "surrogateAuthRequired": false, - "enabled": true, - "clientAuthenticatorType": "client-secret", - "secret": "{{ .Values.lms_client_secret }}{{ .Values.global.random_string }}", - "redirectUris": [ - "https://{{ .Values.global.domain }}/*", - "https://{{ .Values.global.domain }}/resources" - ], - "webOrigins": [ - "https://{{ .Values.global.domain }}" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": true, - "authorizationServicesEnabled": true, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "saml.multivalued.roles": "false", - "saml.force.post.binding": "false", - "saml.encrypt": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "saml.authnstatement": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "99d66c08-4cc6-4a26-b9a0-6e8200078a0b", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true" - } - }, - { - "id": "2739a92e-c49f-4670-8b77-86d169e54e32", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - 
"user.session.note": "clientAddress", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "75770bd7-b072-48b6-800f-acdb3a8ed578", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientId", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "60ab68af-b145-4b2e-8b39-53bd6196a266", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - }, - { - "id": "7d645724-6fe2-4939-afff-0ba716158d7c", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "4edb4528-7b27-4df9-b341-57b0059958c6", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - }, - { - "id": "e585f727-a10f-431b-977e-dd362f99388c", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": 
"76cb2ee1-1ab8-4753-a486-34d071ad1e3a", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "id": "94f9c52f-c019-4818-8b2c-30fd26274328", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "f9d3b3b4-b2f7-44dd-9a88-3c3e84498af4", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + }, + { + "id": "21529a26-33dd-11eb-adc1-0242ac120002", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + }, + { + "id": "2152a052-33dd-11eb-adc1-0242ac120002", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + 
}, + { + "id": "005d98d7-be8b-4847-8616-12ec41a05382", + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" + } + }, + { + "id": "21529c10-33dd-11eb-adc1-0242ac120002", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "21529ce2-33dd-11eb-adc1-0242ac120002", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + }, + { + "id": "21529b2a-33dd-11eb-adc1-0242ac120002", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "b6432e79-2303-43a5-bc9b-a848aef35789", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientId", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientId", + "jsonType.label": "String" + 
} + }, + { + "id": "21529daa-33dd-11eb-adc1-0242ac120002", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "roles" + ], + "optionalClientScopes": [ + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "dad84085-32b6-4a06-96bd-62edbbce9e68", + "clientId": "direct-grant", + "rootUrl": "https://{{ .Values.global.domain }}", + "adminUrl": "https://{{ .Values.global.domain }}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "{{ .Values.direct_grant_client_secret }}{{ .Values.global.random_string }}", + "redirectUris": [ + "https://{{ .Values.global.domain }}/*" + ], + "webOrigins": [ + "https://{{ .Values.global.domain }}" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "saml.assertion.signature": "false", + "saml.multivalued.roles": "false", + "saml.force.post.binding": "false", + "saml.encrypt": "false", + "post.logout.redirect.uris": "+", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "exclude.session.state.from.auth.response": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "tls.client.certificate.bound.access.tokens": "false", + "saml.authnstatement": "false", + "display.on.consent.screen": "false", + "saml.onetimeuse.condition": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [ + 
"web-origins", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "647aa742-d849-41d2-b174-c06b59e6d5b6", + "clientId": "google-auth", + "rootUrl": "https://{{ .Values.global.domain }}", + "adminUrl": "", + "baseUrl": "/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "{{ .Values.google_auth_client_secret }}{{ .Values.global.random_string }}", + "redirectUris": [ + "https://{{ .Values.global.domain }}/explore" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "saml.assertion.signature": "false", + "saml.multivalued.roles": "false", + "saml.force.post.binding": "false", + "saml.encrypt": "false", + "post.logout.redirect.uris": "+", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "exclude.session.state.from.auth.response": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "tls.client.certificate.bound.access.tokens": "false", + "saml.authnstatement": "false", + "display.on.consent.screen": "false", + "saml.onetimeuse.condition": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "bdb4cdf5-0ee5-475b-bb47-25a5f90f1305", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": 
"preferred_username", + "jsonType.label": "String" + } + }, + { + "id": "4b3632c9-8055-4f9f-9702-3c975d93bf8d", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": "702df96e-686f-4b68-bafd-1cb820fff7fb", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "03617f2e-6b45-4844-a81c-0df09ea89988", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + }, + { + "id": "93b57ddf-9f32-4c0e-95eb-258ad19693db", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + }, + { + "id": "b38527eb-dbed-4868-8075-69038ee3072a", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "roles" + ], + "optionalClientScopes": [ + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": 
"349dad8b-6e03-4f22-8368-50a43ba08f6f", + "clientId": "google-auth-android", + "rootUrl": "https://{{ .Values.global.domain }}", + "adminUrl": "", + "baseUrl": "/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "{{ .Values.google_android_client_secret }}{{ .Values.global.random_string }}", + "redirectUris": [ + "https://{{ .Values.global.domain }}/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "saml.assertion.signature": "false", + "saml.multivalued.roles": "false", + "saml.force.post.binding": "false", + "saml.encrypt": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "saml.authnstatement": "false", + "post.logout.redirect.uris": "+", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "saml.onetimeuse.condition": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "0f977731-0434-4b22-92e9-71b5c89c1c38", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "id": "5675d8c8-771a-4fa2-9278-7239c007c22b", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": 
"lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "22f8b83d-f207-4d2b-8884-8fe8d73e0f88", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + }, + { + "id": "e3334f7a-a4cc-4922-bd54-a69a59a53908", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": "df970ff2-5097-4657-943a-d1ff20a9ca68", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "4ecd9267-5bf0-4eea-91d4-ee2ad9cf5f69", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "roles" + ], + "optionalClientScopes": [ + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "4e8f751d-5caa-489f-a281-636b56576cee", + "clientId": "google-auth-desktop", + "rootUrl": "https://{{ .Values.global.domain }}", + "adminUrl": "", + "baseUrl": "/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "{{ 
.Values.google_auth_desktop_client_secret }}{{ .Values.global.random_string }}", + "redirectUris": [ + "https://{{ .Values.global.domain }}/*" + ], + "webOrigins": [ + "https://{{ .Values.global.domain }}" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "saml.assertion.signature": "false", + "saml.multivalued.roles": "false", + "saml.force.post.binding": "false", + "saml.encrypt": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "saml.authnstatement": "false", + "post.logout.redirect.uris": "+", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "saml.onetimeuse.condition": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "d63f24fa-6ea0-4445-89db-18cbeb06f24a", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + }, + { + "id": "c2ab9976-561e-4ba0-8599-e573e6abafe3", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + }, + { + "id": "f06b6720-9ee5-42b3-8ba1-ad232f622570", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", 
+ "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "10dce5cc-503e-4dff-9f07-f1c534956747", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "8c97679c-aa11-4794-a157-5e08bb315033", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": "66405b47-d570-414f-bbfb-5f9bdbcc6132", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "roles" + ], + "optionalClientScopes": [ + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "f1e29715-91d7-4f2a-b11f-c10786f737e5", + "clientId": "lms", + "rootUrl": "https://{{ .Values.global.domain }}", + "adminUrl": "https://{{ .Values.global.domain }}", + "baseUrl": "/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "{{ .Values.lms_client_secret }}{{ .Values.global.random_string }}", + "redirectUris": [ + "https://{{ .Values.global.domain }}/resources", + "https://{{ .Values.global.domain }}/*" + ], + "webOrigins": [ + "https://{{ .Values.global.domain }}" + ], + "notBefore": 0, + "bearerOnly": 
false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": true, + "authorizationServicesEnabled": true, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "saml.assertion.signature": "false", + "saml.multivalued.roles": "false", + "saml.force.post.binding": "false", + "saml.encrypt": "false", + "post.logout.redirect.uris": "+", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "exclude.session.state.from.auth.response": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "tls.client.certificate.bound.access.tokens": "false", + "saml.authnstatement": "false", + "display.on.consent.screen": "false", + "saml.onetimeuse.condition": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "99d66c08-4cc6-4a26-b9a0-6e8200078a0b", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": "2739a92e-c49f-4670-8b77-86d169e54e32", + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" + } + }, + { + "id": "75770bd7-b072-48b6-800f-acdb3a8ed578", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientId", + "userinfo.token.claim": 
"true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientId", + "jsonType.label": "String" + } + }, + { + "id": "60ab68af-b145-4b2e-8b39-53bd6196a266", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + }, + { + "id": "7d645724-6fe2-4939-afff-0ba716158d7c", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + }, + { + "id": "4edb4528-7b27-4df9-b341-57b0059958c6", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + }, + { + "id": "e585f727-a10f-431b-977e-dd362f99388c", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "76cb2ee1-1ab8-4753-a486-34d071ad1e3a", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + 
} + }, + { + "id": "94f9c52f-c019-4818-8b2c-30fd26274328", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" } - ], - "defaultClientScopes": [ - "web-origins", - "roles" - ], - "optionalClientScopes": [ - "offline_access", - "microprofile-jwt" - ], - "authorizationSettings": { - "allowRemoteResourceManagement": false, - "policyEnforcementMode": "ENFORCING", - "resources": [ - { - "name": "Default Resource", - "type": "urn:lms:resources:default", - "ownerManagedAccess": false, - "attributes": {}, - "_id": "2195090a-af1c-4c71-a281-14fefa90c555", - "uris": [ - "/*" - ] - } - ], - "policies": [ - { - "id": "d2ccb04e-78fa-4118-a20c-34feb3d9b0a4", - "name": "Default Policy", - "description": "A policy that grants access only for users within this realm", - "type": "js", - "logic": "POSITIVE", - "decisionStrategy": "AFFIRMATIVE", - "config": { - "code": "// by default, grants any permission associated with this policy\n$evaluation.grant();\n" - } - }, - { - "id": "2ecb87d6-ed47-4176-a437-ebd57833769f", - "name": "Default Permission", - "description": "A permission that applies to the default resource type", - "type": "resource", - "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", - "config": { - "defaultResourceType": "urn:lms:resources:default", - "applyPolicies": "[\"Default Policy\"]" - } - } - ], - "scopes": [], - "decisionStrategy": "UNANIMOUS" } - }, - { - "id": "dad84085-32b6-4a06-96bd-62edbbce9e68", - "clientId": "direct-grant", - "rootUrl": "https://{{ .Values.global.domain }}", - "adminUrl": "https://{{ .Values.global.domain }}", - "surrogateAuthRequired": false, - "enabled": true, - "clientAuthenticatorType": "client-secret", - "secret": "{{ 
.Values.direct_grant_client_secret }}{{ .Values.global.random_string }}", - "redirectUris": [ - "https://{{ .Values.global.domain }}/*" - ], - "webOrigins": [ - "https://{{ .Values.global.domain }}" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "saml.multivalued.roles": "false", - "saml.force.post.binding": "false", - "saml.encrypt": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "exclude.session.state.from.auth.response": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "role_list", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "647aa742-d849-41d2-b174-c06b59e6d5b6", - "clientId": "google-auth", - "rootUrl": "https://{{ .Values.global.domain }}", - "adminUrl": "", - "baseUrl": "/", - "surrogateAuthRequired": false, - "enabled": true, - "clientAuthenticatorType": "client-secret", - "secret": "{{ .Values.google_auth_client_secret }}{{ .Values.global.random_string }}", - "redirectUris": [ - "https://{{ .Values.global.domain }}/*" + ], + "defaultClientScopes": [ + "web-origins", + "roles" + ], + "optionalClientScopes": [ + "offline_access", + "microprofile-jwt" + ], + "authorizationSettings": { + "allowRemoteResourceManagement": true, + 
"policyEnforcementMode": "ENFORCING", + "resources": [ + { + "name": "Default Resource", + "type": "urn:lms:resources:default", + "ownerManagedAccess": false, + "attributes": {}, + "_id": "2195090a-af1c-4c71-a281-14fefa90c555", + "uris": [ + "/*" + ] + } ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "saml.multivalued.roles": "false", - "saml.force.post.binding": "false", - "saml.encrypt": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "saml.authnstatement": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "bdb4cdf5-0ee5-475b-bb47-25a5f90f1305", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "id": "4b3632c9-8055-4f9f-9702-3c975d93bf8d", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "702df96e-686f-4b68-bafd-1cb820fff7fb", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - 
"config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": "03617f2e-6b45-4844-a81c-0df09ea89988", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - }, - { - "id": "93b57ddf-9f32-4c0e-95eb-258ad19693db", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, + "policies": [ + { + "id": "d2ccb04e-78fa-4118-a20c-34feb3d9b0a4", + "name": "Default Policy", + "description": "A policy that grants access only for users within this realm", + "type": "js", + "logic": "POSITIVE", + "decisionStrategy": "AFFIRMATIVE", "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" + "code": "// by default, grants any permission associated with this policy\n$evaluation.grant();\n" } }, { - "id": "b38527eb-dbed-4868-8075-69038ee3072a", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, + "id": "2ecb87d6-ed47-4176-a437-ebd57833769f", + "name": "Default Permission", + "description": "A permission that applies to the default resource type", + "type": "resource", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" + "defaultResourceType": "urn:lms:resources:default", + "applyPolicies": "[\"Default Policy\"]" } } ], - "defaultClientScopes": [ - "web-origins", - "roles" - ], 
- "optionalClientScopes": [ - "offline_access", - "microprofile-jwt" - ] + "scopes": [], + "decisionStrategy": "UNANIMOUS" + } + }, + { + "id": "26320feb-8a5d-49e4-80c5-20eb7428a11e", + "clientId": "nodebb", + "rootUrl": "https://{{ .Values.global.domain }}/discussions", + "adminUrl": "https://{{ .Values.global.domain }}/discussions", + "baseUrl": "/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "{{ .Values.nodebb_client_secret }}{{ .Values.global.random_string }}", + "redirectUris": [ + "https://{{ .Values.global.domain }}/discussions/auth/fusionauth-oidc/callback", + "https://{{ .Values.global.domain }}/discussions/*", + "https://{{ .Values.global.domain }}/auth/fusionauth-oidc/callback" + ], + "webOrigins": [ + "https://{{ .Values.global.domain }}" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "saml.assertion.signature": "false", + "saml.multivalued.roles": "false", + "saml.force.post.binding": "false", + "saml.encrypt": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "saml.authnstatement": "false", + "post.logout.redirect.uris": "+", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "saml.onetimeuse.condition": "false" }, - { - "id": "c3950efa-6684-44c2-b50a-c7b3d16df04b", - "clientId": "broker", - "name": "${client_broker}", - "surrogateAuthRequired": false, - "enabled": true, - "clientAuthenticatorType": "client-secret", - "secret": "", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - 
"directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "54c3bbc3-850b-4636-82d1-ed4f3a46a00a", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "id": "0f0d9b74-c476-4981-a783-dd4bdbe041ec", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - }, - { - "id": "d6f625cc-eac1-49d0-bea5-17e6f9d3860c", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "id": "bbf35056-9bbe-49a0-aefc-2bde2379ccdc", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": "38b04951-1043-4dc6-9504-7b0f31ed71a4", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - 
"userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - }, - { - "id": "88bb836b-7feb-45eb-b004-fb3be8436908", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "ccaa12e5-c02d-43d6-be17-a9589058a59a", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" } - ], - "defaultClientScopes": [ - "web-origins", - "roles" - ], - "optionalClientScopes": [ - "microprofile-jwt" - ] + }, + { + "id": "beecffc2-7cee-46d2-95bf-4fe6d9083c8b", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "id": "ae5ab74e-4e43-4e5f-9ed3-7cc9b5420247", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": "9dd1607d-5fc2-4d13-9ec7-4a08d9139217", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + 
"single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + }, + { + "id": "bc5fee3f-ee82-4a34-bfdb-7be32445b7e6", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "224ab538-bc07-41a0-8dfd-20327e475aa5", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "roles" + ], + "optionalClientScopes": [ + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "8c12290d-d62f-48ce-913b-c93bf995ca59", + "clientId": "portal", + "rootUrl": "https://{{ .Values.global.domain }}", + "adminUrl": "/oauth2callback", + "baseUrl": "/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "", + "redirectUris": [ + "https://{{ .Values.global.domain }}/", + "https://{{ .Values.global.domain }}/*", + "https://{{ .Values.global.domain }}/private/*", + "http://localhost:3000/*" + ], + "webOrigins": [ + "" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "saml.assertion.signature": "false", + "saml.multivalued.roles": "false", + "saml.force.post.binding": "false", 
+ "saml.encrypt": "false", + "post.logout.redirect.uris": "+", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "exclude.session.state.from.auth.response": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "tls.client.certificate.bound.access.tokens": "false", + "saml.authnstatement": "false", + "display.on.consent.screen": "false", + "saml.onetimeuse.condition": "false" }, - { - "id": "79c518d7-b41a-4e6f-be42-4ef365824100", - "clientId": "security-admin-console", - "name": "${client_security-admin-console}", - "baseUrl": "/auth/admin/sunbird/console/index.html", - "surrogateAuthRequired": false, - "enabled": true, - "clientAuthenticatorType": "client-secret", - "secret": "", - "redirectUris": [ - "/auth/admin/sunbird/console/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "c989a8c8-cb8b-40ff-b4b9-86122bad7aa9", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - }, - { - "id": "b180fb8c-997c-4f6a-b774-af677f903139", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": 
"c373dc9a-49d7-4d28-9b94-06cf20fb1955", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "24c7b1c4-62c2-4d92-ab19-49bfaedcc3d4", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - }, - { - "id": "883a39a7-37b4-46ef-a761-3e51b95ccc35", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "id": "95ed8e44-38cc-4f09-8adc-19c12d5eada0", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "63071ff2-a5e5-4d38-b534-a9f25a075403", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": "9bf9cad5-dbce-41e9-aa36-d84cc5a768a2", + "name": "username", + "protocol": "openid-connect", + 
"protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "id": "238e55b7-6545-467e-856b-f95477afe1ff", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + }, + { + "id": "edb1ff4e-b452-46bc-8c3b-d6075f6ee579", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "7a0118e2-57ff-4d23-bf74-cbfe1f545d1d", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "b59a913e-118a-4dc4-a8d7-66c44ced5345", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "roles" + ], + "optionalClientScopes": [ + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "b2f45201-1362-4b10-83c3-207d470f44bf", + "clientId": "realm-management", + "name": 
"${client_realm-management}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": true, + "authorizationServicesEnabled": true, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "71605238-bf41-400e-8c03-a5d78f54b00b", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + }, + { + "id": "a0cb6f3a-30ef-4475-b73f-ca6c2f1f3675", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "2cd0b82a-f1c5-4305-a281-b50f716002fb", + "name": "Client Host", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientHost", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientHost", + "jsonType.label": "String" + } + }, + { + "id": "3a7708b1-63b9-4116-af7f-969fc1bf61a4", + "name": "role list", + "protocol": "saml", + 
"protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + }, + { + "id": "c393d7b7-fa22-4e90-9ad7-07d520632c20", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "id": "ef629cd5-6efa-4d2a-a7fa-36f37c1b048d", + "name": "Client ID", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientId", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientId", + "jsonType.label": "String" + } + }, + { + "id": "3017bdac-d681-4582-b969-af7ae97b2ece", + "name": "Client IP Address", + "protocol": "openid-connect", + "protocolMapper": "oidc-usersessionmodel-note-mapper", + "consentRequired": false, + "config": { + "user.session.note": "clientAddress", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "clientAddress", + "jsonType.label": "String" + } + }, + { + "id": "e77aae69-8ea4-4ee4-bcd6-ba7ef3958c02", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": "2d8cbac4-e4dd-4fa6-bf71-98adf826b9dd", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + 
"access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "roles" + ], + "optionalClientScopes": [ + "microprofile-jwt" + ], + "authorizationSettings": { + "allowRemoteResourceManagement": true, + "policyEnforcementMode": "ENFORCING", + "resources": [ + { + "name": "role.resource.d6e505fe-c3c5-4689-946e-7f69d3f64c6c", + "type": "Role", + "ownerManagedAccess": false, + "attributes": {}, + "_id": "88e477b6-2f34-40cb-8762-89ba9a1d66eb", + "uris": [], + "scopes": [ + { + "name": "map-role-composite" + }, + { + "name": "map-role-client-scope" + }, + { + "name": "map-role" + } + ] }, { - "id": "c66c6a41-eb22-443f-8a77-e68d404ad26f", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } + "name": "client.resource.8c12290d-d62f-48ce-913b-c93bf995ca59", + "type": "Client", + "ownerManagedAccess": false, + "attributes": {}, + "_id": "78be7d45-828c-46ce-b8ee-bbc7d654eda6", + "uris": [], + "scopes": [ + { + "name": "view" + }, + { + "name": "map-roles-client-scope" + }, + { + "name": "configure" + }, + { + "name": "map-roles" + }, + { + "name": "manage" + }, + { + "name": "map-roles-composite" + } + ] } ], - "defaultClientScopes": [ - "web-origins", - "roles" - ], - "optionalClientScopes": [ - "microprofile-jwt" - ] - }, - { - "id": "7d86da86-b107-4ec7-bfe7-84f202d4030c", - "clientId": "trampoline-desktop", - "rootUrl": "https://{{ .Values.global.domain }}", - "adminUrl": "", - "baseUrl": "/", - "surrogateAuthRequired": false, - "enabled": true, - "clientAuthenticatorType": "client-secret", - "secret": "{{ .Values.trampoline_desktop_client_secret }}{{ .Values.global.random_string }}", - 
"redirectUris": [ - "https://{{ .Values.global.domain }}/*" - ], - "webOrigins": [ - "https://{{ .Values.global.domain }}" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "saml.multivalued.roles": "false", - "saml.force.post.binding": "false", - "saml.encrypt": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "saml.authnstatement": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "a5110145-04b0-4841-a4a1-4de10a78e7dd", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - }, + "policies": [ { - "id": "5b0c88d6-1815-4813-90a2-df35ef036d86", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, + "id": "f50ba18c-aa7c-4925-8225-38610d77066a", + "name": "map-role.permission.d6e505fe-c3c5-4689-946e-7f69d3f64c6c", + "type": "scope", + "logic": "POSITIVE", + "decisionStrategy": "AFFIRMATIVE", "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" + "resources": "[\"role.resource.d6e505fe-c3c5-4689-946e-7f69d3f64c6c\"]", + "scopes": "[\"map-role\"]" } }, { - "id": "9be4a0f5-daa8-4806-bf46-aaa87eeac22f", - "name": "family name", - 
"protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, + "id": "735e8e6f-feaa-4865-be21-3c463f058b9e", + "name": "map-role-client-scope.permission.d6e505fe-c3c5-4689-946e-7f69d3f64c6c", + "type": "scope", + "logic": "POSITIVE", + "decisionStrategy": "AFFIRMATIVE", "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" + "resources": "[\"role.resource.d6e505fe-c3c5-4689-946e-7f69d3f64c6c\"]", + "scopes": "[\"map-role-client-scope\"]" } }, { - "id": "18bdcae0-00f6-4208-90a5-61d69adb5fa9", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, + "id": "280a230c-2c62-4f15-b6c1-c60ccbaebb49", + "name": "manage.permission.client.8c12290d-d62f-48ce-913b-c93bf995ca59", + "type": "scope", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" + "resources": "[\"client.resource.8c12290d-d62f-48ce-913b-c93bf995ca59\"]", + "scopes": "[\"manage\"]" } }, { - "id": "2ef53e45-67d1-4e40-9272-ef8f73a6f9f9", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "id": "5681c015-160b-4bd4-9765-929d786b879b", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true" - } - } 
- ], - "defaultClientScopes": [ - "web-origins", - "roles" - ], - "optionalClientScopes": [ - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "586ad4d3-c063-4df0-91c1-9d4ab64da7ca", - "clientId": "trampoline-android", - "rootUrl": "https://{{ .Values.global.domain }}", - "adminUrl": "", - "baseUrl": "/", - "surrogateAuthRequired": false, - "enabled": true, - "clientAuthenticatorType": "client-secret", - "secret": "{{ .Values.trampoline_android_client_secret }}{{ .Values.global.random_string }}", - "redirectUris": [ - "https://{{ .Values.global.domain }}/*" - ], - "webOrigins": [ - "https://{{ .Values.global.domain }}" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "saml.multivalued.roles": "false", - "saml.force.post.binding": "false", - "saml.encrypt": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "saml.authnstatement": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "3228bc78-cd5a-439f-a9ed-2d4c1a2539a3", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, + "id": "7b1400f7-28fa-46b0-ac62-5029208bf5cd", + "name": "map-role-composite.permission.d6e505fe-c3c5-4689-946e-7f69d3f64c6c", + "type": "scope", + "logic": "POSITIVE", + "decisionStrategy": "AFFIRMATIVE", "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" + "resources": 
"[\"role.resource.d6e505fe-c3c5-4689-946e-7f69d3f64c6c\"]", + "scopes": "[\"map-role-composite\"]" } }, { - "id": "101f9a64-99e1-4343-9f10-9bb010bde29f", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, + "id": "05accf91-18b6-4473-8797-97270784d7f0", + "name": "configure.permission.client.8c12290d-d62f-48ce-913b-c93bf995ca59", + "type": "scope", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" + "resources": "[\"client.resource.8c12290d-d62f-48ce-913b-c93bf995ca59\"]", + "scopes": "[\"configure\"]" } }, { - "id": "c4d6864a-545c-4f3d-8659-59cdca98c3c2", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, + "id": "d6c34ee5-3513-4779-b866-969c3b239a86", + "name": "view.permission.client.8c12290d-d62f-48ce-913b-c93bf995ca59", + "type": "scope", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" + "resources": "[\"client.resource.8c12290d-d62f-48ce-913b-c93bf995ca59\"]", + "scopes": "[\"view\"]" } }, { - "id": "c7bb7135-5a97-4c4b-a561-c215cf757793", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, + "id": "2d078a8f-3b8d-49bf-8777-1ec008750f5d", + "name": "map-roles.permission.client.8c12290d-d62f-48ce-913b-c93bf995ca59", + "type": "scope", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" + "resources": 
"[\"client.resource.8c12290d-d62f-48ce-913b-c93bf995ca59\"]", + "scopes": "[\"map-roles\"]" } }, { - "id": "1da2f49d-8b2d-4c3b-819c-4cc9ec4a7912", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, + "id": "4094a5e8-5344-404a-b7fc-105a9449665c", + "name": "map-roles-client-scope.permission.client.8c12290d-d62f-48ce-913b-c93bf995ca59", + "type": "scope", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" + "resources": "[\"client.resource.8c12290d-d62f-48ce-913b-c93bf995ca59\"]", + "scopes": "[\"map-roles-client-scope\"]" } }, { - "id": "5b4dd4d2-945a-4664-aa3d-10ba26fd872d", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, + "id": "dbd7f47f-47bf-4040-ab10-8d34ff02810c", + "name": "map-roles-composite.permission.client.8c12290d-d62f-48ce-913b-c93bf995ca59", + "type": "scope", + "logic": "POSITIVE", + "decisionStrategy": "UNANIMOUS", "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" + "resources": "[\"client.resource.8c12290d-d62f-48ce-913b-c93bf995ca59\"]", + "scopes": "[\"map-roles-composite\"]" } } ], - "defaultClientScopes": [ - "web-origins", - "roles" - ], - "optionalClientScopes": [ - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "c2d24d3f-65ca-46de-9cd8-3eeb71a7f83d", - "clientId": "account", - "name": "${client_account}", - "baseUrl": "/auth/realms/sunbird/account", - "surrogateAuthRequired": false, - "enabled": true, - "clientAuthenticatorType": "client-secret", - "secret": "", - "defaultRoles": [ - "manage-account", - "view-profile" - ], 
- "redirectUris": [ - "/auth/realms/sunbird/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ + "scopes": [ + { + "id": "8cbcc54b-e113-4b3b-afdd-2b1c0ce53a72", + "name": "map-role" + }, { - "id": "a64118ab-33c8-4060-9f3e-3ed817ba8e0d", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } + "id": "74001b3e-c52e-40e0-9ad1-dfcaa7c068b1", + "name": "map-role-client-scope" }, { - "id": "1f4a0c5e-7c8a-4693-8be5-14681b243868", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } + "id": "d5f2f548-4856-4191-b196-1901d79a1376", + "name": "map-role-composite" }, { - "id": "8d88a133-a399-4e75-b051-5b0d4ae850ab", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } + "id": "1dbc819e-8612-478e-b0da-e8573954b60e", + "name": "manage" }, { - "id": "45593258-916c-4158-8577-d9806c16415a", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - 
"config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } + "id": "e7067636-4620-480c-afb4-efe104a6ad69", + "name": "view" }, { - "id": "027be48e-b7dc-4c3a-a648-414a466b67dd", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } + "id": "60f9a211-96d0-4ab7-b0c2-d4f0214d717c", + "name": "map-roles" }, { - "id": "c93937f9-0446-4be9-8b47-3c6de857497e", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } + "id": "56022a9b-33cd-4b2b-90c6-5a4aa1302dcd", + "name": "map-roles-client-scope" + }, + { + "id": "73b840d5-e62b-46a6-aee4-9891be59d723", + "name": "map-roles-composite" + }, + { + "id": "9daa40c7-bbba-49a3-bc96-e1ef93bb48d2", + "name": "configure" + } + ], + "decisionStrategy": "UNANIMOUS" + } + }, + { + "id": "79c518d7-b41a-4e6f-be42-4ef365824100", + "clientId": "security-admin-console", + "name": "${client_security-admin-console}", + "rootUrl": "${authAdminUrl}", + "baseUrl": "/admin/sunbird/console/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "", + "redirectUris": [ + "/admin/sunbird/console/*" + ], + "webOrigins": [ + "+" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + 
"directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+", + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "c989a8c8-cb8b-40ff-b4b9-86122bad7aa9", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + }, + { + "id": "b180fb8c-997c-4f6a-b774-af677f903139", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "c373dc9a-49d7-4d28-9b94-06cf20fb1955", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": "24c7b1c4-62c2-4d92-ab19-49bfaedcc3d4", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + }, + { + "id": "883a39a7-37b4-46ef-a761-3e51b95ccc35", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + 
"user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "95ed8e44-38cc-4f09-8adc-19c12d5eada0", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + }, + { + "id": "c66c6a41-eb22-443f-8a77-e68d404ad26f", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "roles" + ], + "optionalClientScopes": [ + "microprofile-jwt" + ] + }, + { + "id": "9a901d18-377b-4615-9b89-677b544be3c5", + "clientId": "trampoline", + "rootUrl": "https://{{ .Values.global.domain }}", + "adminUrl": "", + "baseUrl": "/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "{{ .Values.trampoline_client_secret }}{{ .Values.global.random_string }}", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "saml.assertion.signature": "false", + "saml.multivalued.roles": "false", + "saml.force.post.binding": "false", + "saml.encrypt": "false", + "saml_force_name_id_format": "false", + 
"saml.client.signature": "false", + "saml.authnstatement": "false", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "saml.onetimeuse.condition": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "12134027-94cc-401c-bbf6-be565078ddfb", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + }, + { + "id": "6a956bf1-6c40-4549-b335-9fe8c788b18f", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "d32ba1d4-3fef-42ff-aa2b-98cb4bfef6f9", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": "9e899fc7-1ddd-447d-810c-d91333d6621c", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "id": "74e4d13f-bd02-4f17-bbbc-d4b79bab1971", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + 
"access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + }, + { + "id": "48fe23c2-a6fb-4c5e-8930-28ad1913829a", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "roles" + ], + "optionalClientScopes": [ + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "586ad4d3-c063-4df0-91c1-9d4ab64da7ca", + "clientId": "trampoline-android", + "rootUrl": "https://{{ .Values.global.domain }}", + "adminUrl": "", + "baseUrl": "/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "{{ .Values.trampoline_android_client_secret }}{{ .Values.global.random_string }}", + "redirectUris": [ + "https://{{ .Values.global.domain }}/*" + ], + "webOrigins": [ + "https://{{ .Values.global.domain }}" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "saml.assertion.signature": "false", + "saml.multivalued.roles": "false", + "saml.force.post.binding": "false", + "saml.encrypt": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "saml.authnstatement": "false", + "post.logout.redirect.uris": "+", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "saml.onetimeuse.condition": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": 
-1, + "protocolMappers": [ + { + "id": "3228bc78-cd5a-439f-a9ed-2d4c1a2539a3", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": "101f9a64-99e1-4343-9f10-9bb010bde29f", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "c4d6864a-545c-4f3d-8659-59cdca98c3c2", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "id": "c7bb7135-5a97-4c4b-a561-c215cf757793", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + }, + { + "id": "1da2f49d-8b2d-4c3b-819c-4cc9ec4a7912", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + }, + { + "id": "5b4dd4d2-945a-4664-aa3d-10ba26fd872d", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + 
"userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "roles" + ], + "optionalClientScopes": [ + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "7d86da86-b107-4ec7-bfe7-84f202d4030c", + "clientId": "trampoline-desktop", + "rootUrl": "https://{{ .Values.global.domain }}", + "adminUrl": "", + "baseUrl": "/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "{{ .Values.trampoline_desktop_client_secret }}{{ .Values.global.random_string }}", + "redirectUris": [ + "https://{{ .Values.global.domain }}/*" + ], + "webOrigins": [ + "https://{{ .Values.global.domain }}" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "saml.assertion.signature": "false", + "saml.multivalued.roles": "false", + "saml.force.post.binding": "false", + "saml.encrypt": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "saml.authnstatement": "false", + "post.logout.redirect.uris": "+", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "saml.onetimeuse.condition": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "protocolMappers": [ + { + "id": "a5110145-04b0-4841-a4a1-4de10a78e7dd", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + 
}, + { + "id": "5b0c88d6-1815-4813-90a2-df35ef036d86", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + }, + { + "id": "9be4a0f5-daa8-4806-bf46-aaa87eeac22f", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "18bdcae0-00f6-4208-90a5-61d69adb5fa9", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "id": "2ef53e45-67d1-4e40-9272-ef8f73a6f9f9", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "5681c015-160b-4bd4-9765-929d786b879b", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "roles" + ], + "optionalClientScopes": [ + "offline_access", + 
"microprofile-jwt" + ] + } + ], + "clientScopes": [ + { + "id": "72ea83e7-968e-4a2e-9f7c-ecb2ec846b6c", + "name": "web-origins", + "description": "OpenID Connect scope for add allowed web origins to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false", + "consent.screen.text": "" + }, + "protocolMappers": [ + { + "id": "8e5b9603-d93b-4b95-a430-a8142a9715b9", + "name": "allowed web origins", + "protocol": "openid-connect", + "protocolMapper": "oidc-allowed-origins-mapper", + "consentRequired": false, + "config": {} + } + ] + }, + { + "id": "905e3a63-0220-41c0-aef3-e5cd7bd21062", + "name": "role_list", + "description": "SAML role list", + "protocol": "saml", + "attributes": { + "consent.screen.text": "${samlRoleListScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "adb0f817-07d2-41a6-ba5f-10ee483d01ef", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + } + ] + }, + { + "id": "32f30b60-6713-43de-9e73-a5d95b334ac8", + "name": "roles", + "description": "OpenID Connect scope for add user roles to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "true", + "consent.screen.text": "${rolesScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "35c5fb33-cf30-43e8-a996-b1d06ae6960a", + "name": "realm roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "realm_access.roles", + "jsonType.label": "String", + "multivalued": "true" + } + }, + { + "id": "2783521d-9e13-46ea-8844-f881fe91997b", + "name": "audience resolve", + 
"protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + }, + { + "id": "1121a9ed-badc-44fb-85fc-ba81159da709", + "name": "client roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "resource_access.${client_id}.roles", + "jsonType.label": "String", + "multivalued": "true" + } + } + ] + }, + { + "id": "b6c67246-7fba-45cd-b9b0-39d41c8e7433", + "name": "email", + "description": "OpenID Connect built-in scope: email", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${emailScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "f29b09fa-7720-4fda-a393-04fcb6973ccb", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + }, + { + "id": "a66f58cf-6646-4e8d-ae68-efa1a7ceae52", + "name": "email verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "emailVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email_verified", + "jsonType.label": "boolean" + } + } + ] + }, + { + "id": "49aa07cf-2be3-41a9-9692-16227da802d2", + "name": "microprofile-jwt", + "description": "Microprofile - JWT built-in scope", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": 
"21f0347f-cd91-4932-9e98-0d37457a43dc",
+ "name": "groups",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-realm-role-mapper",
+ "consentRequired": false,
+ "config": {
+ "multivalued": "true",
+ "userinfo.token.claim": "true",
+ "user.attribute": "foo",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "groups",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "47b23f32-966d-47dc-900c-0d775e6709a5",
+ "name": "upn",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "username",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "upn",
+ "jsonType.label": "String"
+ }
+ }
+ ]
+ },
+ {
+ "id": "49e021ee-bab8-4f5d-9ba3-bbb493e0cca8",
+ "name": "address",
+ "description": "OpenID Connect built-in scope: address",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true",
+ "consent.screen.text": "${addressScopeConsentText}"
+ },
+ "protocolMappers": [
+ {
+ "id": "91895519-0e7c-4b65-8e4e-885ce79fe843",
+ "name": "address",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-address-mapper",
+ "consentRequired": false,
+ "config": {
+ "user.attribute.formatted": "formatted",
+ "user.attribute.country": "country",
+ "user.attribute.postal_code": "postal_code",
+ "userinfo.token.claim": "true",
+ "user.attribute.street": "street",
+ "id.token.claim": "true",
+ "user.attribute.region": "region",
+ "access.token.claim": "true",
+ "user.attribute.locality": "locality"
+ }
+ }
+ ]
+ },
+ {
+ "id": "f568ba57-88e3-4a14-baaa-3c63e4d69c99",
+ "name": "profile",
+ "description": "OpenID Connect built-in scope: profile",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true",
+ "consent.screen.text": "${profileScopeConsentText}"
+ },
+ "protocolMappers": [
+ {
+ "id": "08dc3928-41af-4be8-b2dd-6eaffec1adc8",
+ "name": "updated at",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "updatedAt",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "updated_at",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "2f6698aa-d21f-40e0-b502-9f52646b1f0b",
+ "name": "username",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-property-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "username",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "preferred_username",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "2f7e53fe-c507-4284-9c96-fb174c5af75a",
+ "name": "full name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-full-name-mapper",
+ "consentRequired": false,
+ "config": {
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "userinfo.token.claim": "true"
+ }
+ },
+ {
+ "id": "fc101011-383f-4fa0-8aa0-8a8fe1bb2795",
+ "name": "profile",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "profile",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "profile",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "e354d68e-032d-4a9c-9e08-88c9d9f0d0d1",
+ "name": "picture",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "picture",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "picture",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "fc60b6f8-33cd-4e5a-ae7e-b755b3d7af00",
+ "name": "middle name",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "middleName",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "middle_name",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "02f8257b-1e5d-48e0-a9e7-0b32f11c8b3d",
+ "name": "gender",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "gender",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "gender",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "9593a67d-9747-4064-b842-579aa84183d3",
+ "name": "nickname",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "nickname",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "nickname",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "3e627adf-6765-464b-a95c-7261547c44c3",
+ "name": "zoneinfo",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "zoneinfo",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "zoneinfo",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "cea2927e-2db5-404d-af7b-405625f88b8f",
+ "name": "locale",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "consentRequired": false,
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "locale",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "locale",
+ "jsonType.label": "String"
+ }
+ },
+ {
+ "id": "85054561-3829-4049-95b4-0f7e7a39610c",
+ "name": "birthdate",
+ "protocol": "openid-connect",
+
"protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "birthdate", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "birthdate", + "jsonType.label": "String" + } + }, + { + "id": "9b9727e4-6301-443d-89a6-45d7e23b82e8", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "d0cafe88-819f-425b-911c-9fd07388f9f0", + "name": "website", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "website", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "website", + "jsonType.label": "String" + } + }, + { + "id": "3c25a5f1-13d6-4ab4-a13e-874ca09e77bf", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" } - ], - "defaultClientScopes": [ - "web-origins", - "roles" - ], - "optionalClientScopes": [ - "microprofile-jwt" - ] - } - ], - "clientScopes": [ - { - "id": "49aa07cf-2be3-41a9-9692-16227da802d2", - "name": "microprofile-jwt", - "description": "Microprofile - JWT built-in scope", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "21f0347f-cd91-4932-9e98-0d37457a43dc", - "name": "groups", - "protocol": 
"openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - }, - { - "id": "47b23f32-966d-47dc-900c-0d775e6709a5", - "name": "upn", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "upn", - "jsonType.label": "String" - } + } + ] + }, + { + "id": "b3719a37-3f11-44d7-ac8f-df8d2b6eb782", + "name": "phone", + "description": "OpenID Connect built-in scope: phone", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${phoneScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "71b8571d-5f50-4afb-a45b-adade55182f9", + "name": "phone number verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "phoneNumberVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number_verified", + "jsonType.label": "boolean" } - ] + }, + { + "id": "ab426b49-638f-4ea9-bd38-628aa0f9d163", + "name": "phone number", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "phoneNumber", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "0203e8e9-684c-4ce8-b692-40539b6fd98e", + "name": "offline_access", + "description": "OpenID Connect built-in scope: 
offline_access", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${offlineAccessScopeConsentText}", + "display.on.consent.screen": "true" + } + }, + { + "id": "8084b334-ea2d-4803-9f11-f7bfa268d743", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" }, - { - "id": "72ea83e7-968e-4a2e-9f7c-ecb2ec846b6c", - "name": "web-origins", - "description": "OpenID Connect scope for add allowed web origins to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false", - "consent.screen.text": "" - }, - "protocolMappers": [ - { - "id": "8e5b9603-d93b-4b95-a430-a8142a9715b9", - "name": "allowed web origins", - "protocol": "openid-connect", - "protocolMapper": "oidc-allowed-origins-mapper", - "consentRequired": false, - "config": {} + "protocolMappers": [ + { + "id": "b65d978c-1eff-4f1c-a4fb-dcc794489cb1", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" } - ] + } + ] + } + ], + "defaultDefaultClientScopes": [ + "role_list", + "profile", + "email", + "roles", + "web-origins", + "acr" + ], + "defaultOptionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ], + "browserSecurityHeaders": { + "contentSecurityPolicyReportOnly": "", + "xContentTypeOptions": "nosniff", + "xRobotsTag": "none", + "xFrameOptions": "SAMEORIGIN", + "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection": "1; mode=block", + "strictTransportSecurity": "max-age=31536000; includeSubDomains" + }, + "smtpServer": { + "password": "{{ .Values.global.mail_server_password }}", + 
"starttls": "", + "auth": "true", + "port": "587", + "host": "{{ .Values.global.mail_server_host }}", + "from": "{{ .Values.global.mail_server_from_email }}", + "ssl": "", + "user": "{{ .Values.global.mail_server_username }}" + }, + "loginTheme": "{{ .Values.tenant_name }}", + "accountTheme": "keycloak", + "adminTheme": "keycloak.v2", + "emailTheme": "keycloak", + "eventsEnabled": false, + "eventsListeners": [ + "jboss-logging" + ], + "enabledEventTypes": [], + "adminEventsEnabled": false, + "adminEventsDetailsEnabled": false, + "identityProviders": [], + "identityProviderMappers": [], + "components": { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ + { + "id": "84078bbb-e005-44c8-9c7d-a1b4821558da", + "name": "Max Clients Limit", + "providerId": "max-clients", + "subType": "anonymous", + "subComponents": {}, + "config": { + "max-clients": [ + "200" + ] + } }, { - "id": "32f30b60-6713-43de-9e73-a5d95b334ac8", - "name": "roles", - "description": "OpenID Connect scope for add user roles to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "true", - "consent.screen.text": "${rolesScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "35c5fb33-cf30-43e8-a996-b1d06ae6960a", - "name": "realm roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "realm_access.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": "2783521d-9e13-46ea-8844-f881fe91997b", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - }, - { - "id": "1121a9ed-badc-44fb-85fc-ba81159da709", - "name": "client roles", - "protocol": "openid-connect", - "protocolMapper": 
"oidc-usermodel-client-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "jsonType.label": "String", - "multivalued": "true" - } - } - ] + "id": "346d857e-4385-4f8f-a2fc-072fd11a10ec", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "saml-user-attribute-mapper", + "oidc-usermodel-property-mapper", + "oidc-full-name-mapper", + "oidc-usermodel-attribute-mapper", + "saml-user-property-mapper", + "oidc-address-mapper", + "saml-role-list-mapper", + "oidc-sha256-pairwise-sub-mapper" + ] + } }, { - "id": "0203e8e9-684c-4ce8-b692-40539b6fd98e", - "name": "offline_access", - "description": "OpenID Connect built-in scope: offline_access", - "protocol": "openid-connect", - "attributes": { - "consent.screen.text": "${offlineAccessScopeConsentText}", - "display.on.consent.screen": "true" + "id": "eed64f9f-4b66-45ad-bdb4-4070e3802366", + "name": "Allowed Client Templates", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] } }, { - "id": "b3719a37-3f11-44d7-ac8f-df8d2b6eb782", - "name": "phone", - "description": "OpenID Connect built-in scope: phone", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${phoneScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "71b8571d-5f50-4afb-a45b-adade55182f9", - "name": "phone number verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": 
"phone_number_verified", - "jsonType.label": "boolean" - } - }, - { - "id": "ab426b49-638f-4ea9-bd38-628aa0f9d163", - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" - } - } - ] + "id": "17ac4eaa-9139-4b3a-b1db-c82d44c1531d", + "name": "Allowed Client Templates", + "providerId": "allowed-client-templates", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } }, { - "id": "49e021ee-bab8-4f5d-9ba3-bbb493e0cca8", - "name": "address", - "description": "OpenID Connect built-in scope: address", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${addressScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "91895519-0e7c-4b65-8e4e-885ce79fe843", - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - } - ] + "id": "38532936-be91-40e4-b65d-c0abfaf9547c", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} }, { - "id": "b6c67246-7fba-45cd-b9b0-39d41c8e7433", - "name": "email", - "description": "OpenID Connect built-in scope: email", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - 
"display.on.consent.screen": "true", - "consent.screen.text": "${emailScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "f29b09fa-7720-4fda-a393-04fcb6973ccb", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - }, - { - "id": "a66f58cf-6646-4e8d-ae68-efa1a7ceae52", - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" - } - } - ] + "id": "8c1690a2-6eea-4d61-ab66-7a015e3bea3c", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "saml-user-property-mapper", + "oidc-full-name-mapper", + "saml-role-list-mapper", + "oidc-usermodel-property-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-address-mapper", + "saml-user-attribute-mapper", + "oidc-sha256-pairwise-sub-mapper" + ] + } }, { - "id": "f568ba57-88e3-4a14-baaa-3c63e4d69c99", - "name": "profile", - "description": "OpenID Connect built-in scope: profile", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${profileScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "08dc3928-41af-4be8-b2dd-6eaffec1adc8", - "name": "updated at", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - 
"user.attribute": "updatedAt",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "updated_at",
- "jsonType.label": "String"
- }
- },
- {
- "id": "2f6698aa-d21f-40e0-b502-9f52646b1f0b",
- "name": "username",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-property-mapper",
- "consentRequired": false,
- "config": {
- "userinfo.token.claim": "true",
- "user.attribute": "username",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "preferred_username",
- "jsonType.label": "String"
- }
- },
- {
- "id": "2f7e53fe-c507-4284-9c96-fb174c5af75a",
- "name": "full name",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-full-name-mapper",
- "consentRequired": false,
- "config": {
- "id.token.claim": "true",
- "access.token.claim": "true",
- "userinfo.token.claim": "true"
- }
- },
- {
- "id": "fc101011-383f-4fa0-8aa0-8a8fe1bb2795",
- "name": "profile",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
- "consentRequired": false,
- "config": {
- "userinfo.token.claim": "true",
- "user.attribute": "profile",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "profile",
- "jsonType.label": "String"
- }
- },
- {
- "id": "e354d68e-032d-4a9c-9e08-88c9d9f0d0d1",
- "name": "picture",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
- "consentRequired": false,
- "config": {
- "userinfo.token.claim": "true",
- "user.attribute": "picture",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "picture",
- "jsonType.label": "String"
- }
- },
- {
- "id": "fc60b6f8-33cd-4e5a-ae7e-b755b3d7af00",
- "name": "middle name",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
- "consentRequired": false,
- "config": {
- "userinfo.token.claim": "true",
- "user.attribute": "middleName",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "middle_name",
- "jsonType.label": "String"
- }
- },
- {
- "id": "02f8257b-1e5d-48e0-a9e7-0b32f11c8b3d",
- "name": "gender",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
- "consentRequired": false,
- "config": {
- "userinfo.token.claim": "true",
- "user.attribute": "gender",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "gender",
- "jsonType.label": "String"
- }
- },
- {
- "id": "9593a67d-9747-4064-b842-579aa84183d3",
- "name": "nickname",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
- "consentRequired": false,
- "config": {
- "userinfo.token.claim": "true",
- "user.attribute": "nickname",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "nickname",
- "jsonType.label": "String"
- }
- },
- {
- "id": "3e627adf-6765-464b-a95c-7261547c44c3",
- "name": "zoneinfo",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
- "consentRequired": false,
- "config": {
- "userinfo.token.claim": "true",
- "user.attribute": "zoneinfo",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "zoneinfo",
- "jsonType.label": "String"
- }
- },
- {
- "id": "cea2927e-2db5-404d-af7b-405625f88b8f",
- "name": "locale",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
- "consentRequired": false,
- "config": {
- "userinfo.token.claim": "true",
- "user.attribute": "locale",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "locale",
- "jsonType.label": "String"
- }
- },
- {
- "id": "85054561-3829-4049-95b4-0f7e7a39610c",
- "name": "birthdate",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
- "consentRequired": false,
- "config": {
- "userinfo.token.claim": "true",
- "user.attribute": "birthdate",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "birthdate",
-
"jsonType.label": "String" - } - }, - { - "id": "9b9727e4-6301-443d-89a6-45d7e23b82e8", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": "d0cafe88-819f-425b-911c-9fd07388f9f0", - "name": "website", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "website", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "website", - "jsonType.label": "String" - } - }, - { - "id": "3c25a5f1-13d6-4ab4-a13e-874ca09e77bf", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - } - ] + "id": "3dcc314c-07f8-484d-9535-29424dbaddfc", + "name": "Trusted Hosts", + "providerId": "trusted-hosts", + "subType": "anonymous", + "subComponents": {}, + "config": { + "host-sending-registration-request-must-match": [ + "true" + ], + "client-uris-must-match": [ + "true" + ] + } }, { - "id": "905e3a63-0220-41c0-aef3-e5cd7bd21062", - "name": "role_list", - "description": "SAML role list", - "protocol": "saml", - "attributes": { - "consent.screen.text": "${samlRoleListScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "adb0f817-07d2-41a6-ba5f-10ee483d01ef", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - 
"attribute.nameformat": "Basic", - "attribute.name": "Role" - } - } - ] + "id": "ab52b781-64b9-42a0-99f5-cbeba6710763", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} } ], - "defaultDefaultClientScopes": [ - "role_list", - "profile", - "email", - "roles", - "web-origins" - ], - "defaultOptionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" + "org.keycloak.storage.UserStorageProvider": [ + { + "id": "{{ .Values.cassandra_federation_provider_id }}", + "name": "cassandra-storage-provider", + "providerId": "cassandra-storage-provider", + "subComponents": {}, + "config": { + "host": [ + "localhost" + ], + "cachePolicy": [ + "DEFAULT" + ], + "priority": [ + "0" + ] + } + } ], - "browserSecurityHeaders": { - "xContentTypeOptions": "nosniff", - "xRobotsTag": "none", - "xFrameOptions": "SAMEORIGIN", - "xXSSProtection": "1; mode=block", - "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "strictTransportSecurity": "max-age=31536000; includeSubDomains" + "org.keycloak.keys.KeyProvider": [ + { + "id": "bd30c46f-9ee3-443d-9faa-6ed8075aac87", + "name": "rsa-generated", + "providerId": "rsa-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } + }, + { + "id": "21b13684-2eca-4814-95ce-45de76b8ab16", + "name": "aes-generated", + "providerId": "aes-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } + }, + { + "id": "a93cc73f-b070-48cd-bf08-9b290707c2f5", + "name": "hmac-generated", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "priority": [ + "100" + ] + } + } + ] + }, + "internationalizationEnabled": false, + "supportedLocales": [], + "defaultLocale": "en", + "authenticationFlows": [ + { + "id": "e33b3232-bac5-4e1b-bf28-65a3449850bb", + "alias": "Direct Grant 2", + "description": "OpenID Connect Resource Owner Grant", + "providerId": 
"basic-flow",
+ "topLevel": true,
+ "builtIn": false,
+ "authenticationExecutions": [
+ {
+ "authenticator": "direct-grant-validate-username",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "direct-grant-validate-password",
+ "authenticatorFlow": false,
+ "requirement": "DISABLED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "CONDITIONAL",
+ "priority": 30,
+ "autheticatorFlow": true,
+ "flowAlias": "Direct Grant 2 - direct-grant-validate-otp - Conditional",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "ee1a2f08-f3df-4edd-8edd-0ae442fff908",
+ "alias": "Direct Grant 2 - direct-grant-validate-otp - Conditional",
+ "description": "Flow to determine if the direct-grant-validate-otp authenticator should be used or not.",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": false,
+ "authenticationExecutions": [
+ {
+ "authenticator": "conditional-user-configured",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "direct-grant-validate-otp",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "df164090-f3e5-4f8b-9506-7b0a8cab5d40",
+ "alias": "Direct Grant w/o Password",
+ "description": "Grant user access using only the username and no password.",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": false,
+ "authenticationExecutions": []
+ },
+ {
+ "id": "41d98767-38c4-4b17-bb3b-e617347b3547",
+ "alias": "Handle Existing Account",
+ "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "idp-confirm-link",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": true,
+ "flowAlias": "Handle Existing Account - Alternatives - 0",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "a60c07ad-727b-4e9a-9355-ca4a4503251e",
+ "alias": "Handle Existing Account - Alternatives - 0",
+ "description": "Subflow of Handle Existing Account with alternative executions",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "idp-email-verification",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "ALTERNATIVE",
+ "priority": 20,
+ "autheticatorFlow": true,
+ "flowAlias": "Verify Existing Account by Re-authentication",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "9b5ae0f6-fad7-4999-a6b5-a9b5aac7f294",
+ "alias": "Phone number login",
+ "description": "browser based authentication",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": false,
+ "authenticationExecutions": [
+ {
+ "authenticator": "auth-cookie",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "auth-spnego",
+ "authenticatorFlow": false,
+ "requirement": "DISABLED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "identity-provider-redirector",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 25,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "ALTERNATIVE",
+ "priority": 30,
+ "autheticatorFlow": true,
+ "flowAlias": "Phone number login forms",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "edf8460e-3229-4d89-b27b-7c80ff7c056a",
+ "alias": "Phone number login forms",
+ "description": "Username, password, otp and other auth forms.",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": false,
+ "authenticationExecutions": [
+ {
+ "authenticator": "auth-phone-password-form",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "auth-otp-form",
+ "authenticatorFlow": false,
+ "requirement": "DISABLED",
+ "priority": 21,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "46eef325-ca56-4c93-a78f-b6e3b796306f",
+ "alias": "Reset Credentials Via SMS OTP",
+ "description": "Reset credentials for a user if they forgot their password or something",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": false,
+ "authenticationExecutions": [
+ {
+ "authenticator": "reset-credentials-choose-user",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorConfig": "Reset Credentials Via SMS OTP",
+ "authenticator": "sms-authentication",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "reset-password",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 40,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "CONDITIONAL",
+ "priority": 41,
+ "autheticatorFlow": true,
+ "flowAlias": "Reset Credentials Via SMS OTP - reset-otp - Conditional",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "466eb2c4-e0ab-46b7-a785-74d7dac60e11",
+ "alias": "Reset Credentials Via SMS OTP - reset-otp - Conditional",
+ "description": "Flow to determine if the reset-otp authenticator should be used or not.",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": false,
+ "authenticationExecutions": [
+ {
+ "authenticator": "conditional-user-configured",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "reset-otp",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "98b6cc08-f55f-4cbc-b4b4-829cffba9802",
+ "alias": "Verify Existing Account by Re-authentication",
+ "description": "Reauthentication of existing account",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "idp-username-password-form",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "CONDITIONAL",
+ "priority": 20,
+ "autheticatorFlow": true,
+ "flowAlias": "Verify Existing Account by Re-authentication - auth-otp-form - Conditional",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "6a4157ca-3372-4551-864b-409a98f8a7d7",
+ "alias": "Verify Existing Account by Re-authentication - auth-otp-form - Conditional",
+ "description": "Flow to determine if the auth-otp-form authenticator should be used or not.",
+ "providerId": "basic-flow",
+ "topLevel": false,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "conditional-user-configured",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "auth-otp-form",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "4b8ef7d0-2f3a-4546-8754-ed9e6277d982",
+ "alias": "browser",
+ "description": "browser based authentication",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "auth-cookie",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "auth-spnego",
+ "authenticatorFlow": false,
+ "requirement": "DISABLED",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "identity-provider-redirector",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 25,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticatorFlow": true,
+ "requirement": "ALTERNATIVE",
+ "priority": 30,
+ "autheticatorFlow": true,
+ "flowAlias": "forms",
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "d2ac9b04-4939-4964-a264-54fecc3ba959",
+ "alias": "clients",
+ "description": "Base authentication for clients",
+ "providerId": "client-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "client-secret",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+ "authenticator": "client-jwt",
+ "authenticatorFlow": false,
+ "requirement": "ALTERNATIVE",
+ "priority": 20,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ }
+ ]
+ },
+ {
+ "id": "e42a24d9-4a3b-4ce6-9a54-0bb8ab90a0e2",
+ "alias": "direct grant",
+ "description": "OpenID Connect Resource Owner Grant",
+ "providerId": "basic-flow",
+ "topLevel": true,
+ "builtIn": true,
+ "authenticationExecutions": [
+ {
+ "authenticator": "direct-grant-validate-username",
+ "authenticatorFlow": false,
+ "requirement": "REQUIRED",
+ "priority": 10,
+ "autheticatorFlow": false,
+ "userSetupAllowed": false
+ },
+ {
+
"authenticator": "direct-grant-validate-password", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "direct grant - direct-grant-validate-otp - Conditional", + "userSetupAllowed": false + } + ] }, - "smtpServer": { - "password": "{{ .Values.global.mail_server_password }}", - "starttls": "", - "auth": "true", - "port": "587", - "host": "{{ .Values.global.mail_server_host }}", - "from": "{{ .Values.global.mail_server_from_email }}", - "ssl": "", - "user": "{{ .Values.global.mail_server_username }}" + { + "id": "eeaa9817-abd7-477f-91b4-4abf0c4c93a1", + "alias": "direct grant - direct-grant-validate-otp - Conditional", + "description": "Flow to determine if the direct-grant-validate-otp authenticator should be used or not.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] }, - "loginTheme": "{{ .Values.tenant_name }}", - "accountTheme": "keycloak", - "adminTheme": "keycloak", - "emailTheme": "keycloak", - "eventsEnabled": false, - "eventsListeners": [ - "jboss-logging" - ], - "enabledEventTypes": [], - "adminEventsEnabled": false, - "adminEventsDetailsEnabled": false, - "components": { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "84078bbb-e005-44c8-9c7d-a1b4821558da", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, 
- "config": { - "max-clients": [ - "200" - ] - } + { + "id": "383e95f4-3b67-4aac-b828-81d0d38df37c", + "alias": "docker auth", + "description": "Used by Docker clients to authenticate against the IDP", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "docker-http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "2ebcdf60-d0fc-478f-ac97-ec11b7e95c1c", + "alias": "first broker login", + "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "review profile config", + "authenticator": "idp-review-profile", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false }, { - "id": "346d857e-4385-4f8f-a2fc-072fd11a10ec", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-full-name-mapper", - "oidc-address-mapper", - "saml-user-property-mapper", - "oidc-usermodel-property-mapper", - "saml-user-attribute-mapper", - "oidc-usermodel-attribute-mapper", - "saml-role-list-mapper", - "oidc-sha256-pairwise-sub-mapper" - ] - } + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "first broker login - Alternatives - 0", + "userSetupAllowed": false + } + ] + }, + { + "id": "e1a44dcc-bf42-4f5b-b274-16cb94c46d7d", + "alias": "first broker login - Alternatives - 0", + "description": "Subflow of first broker login with alternative executions", + "providerId": "basic-flow", + "topLevel": false, 
+ "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "create unique user config", + "authenticator": "idp-create-user-if-unique", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false }, { - "id": "eed64f9f-4b66-45ad-bdb4-4070e3802366", - "name": "Allowed Client Templates", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Handle Existing Account", + "userSetupAllowed": false + } + ] + }, + { + "id": "645e0c2d-d401-4e4f-8f46-024e7114c559", + "alias": "forms", + "description": "Username, password, otp and other auth forms.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false }, { - "id": "17ac4eaa-9139-4b3a-b1db-c82d44c1531d", - "name": "Allowed Client Templates", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "forms - auth-otp-form - Conditional", + "userSetupAllowed": false + } + ] + }, + { + "id": "5daaca3a-6cbe-468a-ab51-4af7bc658ceb", + "alias": "forms - auth-otp-form - Conditional", + "description": "Flow to determine if the auth-otp-form authenticator should be used or not.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + 
"requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false }, { - "id": "38532936-be91-40e4-b65d-c0abfaf9547c", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "1b033ec1-cbca-47f5-8816-73c0b035a91b", + "alias": "http challenge", + "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "no-cookie-redirect", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false }, { - "id": "8c1690a2-6eea-4d61-ab66-7a015e3bea3c", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-full-name-mapper", - "oidc-usermodel-attribute-mapper", - "saml-role-list-mapper", - "oidc-usermodel-property-mapper", - "oidc-address-mapper", - "saml-user-property-mapper", - "saml-user-attribute-mapper", - "oidc-sha256-pairwise-sub-mapper" - ] - } + "authenticator": "basic-auth", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false }, { - "id": "3dcc314c-07f8-484d-9535-29424dbaddfc", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", - "subType": "anonymous", - "subComponents": {}, - "config": { - "host-sending-registration-request-must-match": [ - "true" - ], - "client-uris-must-match": [ - "true" - ] - } + "authenticator": "basic-auth-otp", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 30, + 
"autheticatorFlow": false, + "userSetupAllowed": false }, { - "id": "ab52b781-64b9-42a0-99f5-cbeba6710763", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} + "authenticator": "auth-spnego", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 40, + "autheticatorFlow": false, + "userSetupAllowed": false } - ], - "org.keycloak.storage.UserStorageProvider": [ - { - "id": "{{ .Values.cassandra_federation_provider_id }}", - "name": "cassandra-storage-provider", - "providerId": "cassandra-storage-provider", - "subComponents": {}, - "config": { - "host": [ - "localhost" - ], - "cachePolicy": [ - "DEFAULT" - ], - "priority": [ - "0" - ] - } + ] + }, + { + "id": "5f7a890c-1e28-4a63-aba2-77c0a608cfb8", + "alias": "registration", + "description": "registration flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-page-form", + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": true, + "flowAlias": "registration form", + "userSetupAllowed": false } - ], - "org.keycloak.keys.KeyProvider": [ + ] + }, + { + "id": "42210466-c314-47dc-aeaa-ed7ce19c6002", + "alias": "registration form", + "description": "registration form", + "providerId": "form-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ { - "id": "bd30c46f-9ee3-443d-9faa-6ed8075aac87", - "name": "rsa-generated", - "providerId": "rsa-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } + "authenticator": "registration-user-creation", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false }, { - "id": "21b13684-2eca-4814-95ce-45de76b8ab16", - "name": "aes-generated", - "providerId": "aes-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" 
- ] - } + "authenticator": "registration-profile-action", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 40, + "autheticatorFlow": false, + "userSetupAllowed": false }, { - "id": "a93cc73f-b070-48cd-bf08-9b290707c2f5", - "name": "hmac-generated", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } + "authenticator": "registration-password-action", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 50, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-recaptcha-action", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 60, + "autheticatorFlow": false, + "userSetupAllowed": false } ] }, - "internationalizationEnabled": false, - "supportedLocales": [], - "defaultLocale": "en", - "authenticationFlows": [ - { - "id": "976a6147-7a63-48cd-ab6d-ac3a2f0ffa42", - "alias": "Direct Grant 2", - "description": "OpenID Connect Resource Owner Grant", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": false, - "authenticationExecutions": [ - { - "authenticator": "direct-grant-validate-username", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-password", - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-otp", - "requirement": "OPTIONAL", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "fe01a5ba-9b8b-4211-8a71-273800b0309d", - "alias": "Direct Grant w/o Password", - "description": "Grant user access using only the username and no password.", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": false, - "authenticationExecutions": [] - }, - { - "id": "797d8e90-1fb5-48bc-b6f0-e44766721af0", - "alias": "Handle Existing Account", - 
"description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-confirm-link", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "idp-email-verification", - "requirement": "ALTERNATIVE", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "requirement": "ALTERNATIVE", - "priority": 30, - "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "5f70fc7a-42b6-41cd-aaf9-a3837fc05f43", - "alias": "Phone number login", - "description": "browser based authentication", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": false, - "authenticationExecutions": [ - { - "authenticator": "auth-cookie", - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "identity-provider-redirector", - "requirement": "ALTERNATIVE", - "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "requirement": "ALTERNATIVE", - "priority": 30, - "flowAlias": "Phone number login forms", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "b886ae3f-e90a-4309-bb05-5367c3ec977b", - "alias": "Phone number login forms", - "description": "Username, password, otp and other auth forms.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": false, - "authenticationExecutions": [ - { - "authenticator": "auth-phone-password-form", - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - 
"autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "requirement": "DISABLED", - "priority": 21, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "8dc1276b-946b-4c49-97d2-ade016fd9df8", - "alias": "Reset Credentials Via SMS OTP", - "description": "Reset credentials for a user if they forgot their password or something", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": false, - "authenticationExecutions": [ - { - "authenticator": "reset-credentials-choose-user", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorConfig": "Reset Credentials Via SMS OTP", - "authenticator": "sms-authentication", - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-password", - "requirement": "REQUIRED", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-otp", - "requirement": "OPTIONAL", - "priority": 41, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "14838047-af17-4104-a714-bf51bd0aa699", - "alias": "Verify Existing Account by Re-authentication", - "description": "Reauthentication of existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-username-password-form", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "requirement": "OPTIONAL", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "7ab0a65d-641e-4ba0-8793-35e363ba8362", - "alias": "browser", - "description": "browser based authentication", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": 
"auth-cookie", - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "identity-provider-redirector", - "requirement": "ALTERNATIVE", - "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "requirement": "ALTERNATIVE", - "priority": 30, - "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "b2aedbfb-9432-4f47-8114-c6031c884b5f", - "alias": "clients", - "description": "Base authentication for clients", - "providerId": "client-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "client-secret", - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-jwt", - "requirement": "ALTERNATIVE", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "78809b88-19c3-4351-ac1a-e1c43dd71143", - "alias": "direct grant", - "description": "OpenID Connect Resource Owner Grant", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "direct-grant-validate-username", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-password", - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-otp", - "requirement": "OPTIONAL", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "025a77cf-895a-4622-95a0-fdd9912aeb9a", - "alias": "docker auth", - "description": "Used by Docker clients to authenticate 
against the IDP", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "docker-http-basic-authenticator", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "1ea8d8e5-7997-43d0-9ce4-0ec187d9c5be", - "alias": "first broker login", - "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "review profile config", - "authenticator": "idp-review-profile", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorConfig": "create unique user config", - "authenticator": "idp-create-user-if-unique", - "requirement": "ALTERNATIVE", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "requirement": "ALTERNATIVE", - "priority": 30, - "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "5ae10869-08a5-489b-97c6-b6f65a40de21", - "alias": "forms", - "description": "Username, password, otp and other auth forms.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-username-password-form", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "requirement": "OPTIONAL", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "1be582c9-b469-4092-82d4-365fb6d02963", - "alias": "registration", - "description": "registration flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - 
"authenticator": "registration-page-form", - "requirement": "REQUIRED", - "priority": 10, - "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "e71bd4ef-a33e-4a75-a8fc-8cfaf6a1119b", - "alias": "registration form", - "description": "registration form", - "providerId": "form-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-user-creation", - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-profile-action", - "requirement": "REQUIRED", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-password-action", - "requirement": "REQUIRED", - "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-recaptcha-action", - "requirement": "DISABLED", - "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "6c4e8128-0eb4-4303-bbec-3e5baec31022", - "alias": "reset credentials", - "description": "Reset credentials for a user if they forgot their password or something", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "reset-credentials-choose-user", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-credential-email", - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-password", - "requirement": "REQUIRED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-otp", - "requirement": "OPTIONAL", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": 
"ec7bae86-99e4-403a-a041-1039bacba45e", - "alias": "saml ecp", - "description": "SAML ECP Profile Authentication Flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "http-basic-authenticator", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - } - ], - "authenticatorConfig": [ - { - "id": "7d7aa155-54cd-4b62-bc7f-558ce934e0a5", - "alias": "Reset Credentials Via SMS OTP", - "config": { - "sms-auth.code.length": "6", - "sms-auth.msg.text": "Reset your password on PREPROD with the OTP %sms-code%. The OTP is valid for 5 minutes.", - "sms-auth.code.ttl": "300" + { + "id": "137ca1fb-1676-4fdd-8331-3920ba9cc135", + "alias": "reset credentials", + "description": "Reset credentials for a user if they forgot their password or something", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "reset-credentials-choose-user", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-credential-email", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 40, + "autheticatorFlow": true, + "flowAlias": "reset credentials - reset-otp - Conditional", + "userSetupAllowed": false } - }, - { - "id": "cc029554-f8bc-49c2-81cc-f0f7141bf178", - "alias": "create unique user config", - "config": { - "require.password.update.after.registration": "false" + ] + }, + { + "id": "36a99cd9-669d-4a77-9a74-79de2fdccdd8", + "alias": "reset 
credentials - reset-otp - Conditional", + "description": "Flow to determine if the reset-otp authenticator should be used or not.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false } - }, - { - "id": "6a2402e1-b718-43a0-9b65-2a7b62d3b935", - "alias": "review profile config", - "config": { - "update.profile.on.first.login": "missing" + ] + }, + { + "id": "d17db4e4-2b15-4825-9c13-e7dafa4446cc", + "alias": "saml ecp", + "description": "SAML ECP Profile Authentication Flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false } + ] + } + ], + "authenticatorConfig": [ + { + "id": "515a3ab1-112e-4bb2-bb35-7d1a0fbfe4e6", + "alias": "Reset Credentials Via SMS OTP", + "config": { + "sms-auth.code.length": "6", + "sms-auth.msg.text": "Reset your password on PREPROD with the OTP %sms-code%. 
The OTP is valid for 5 minutes.", + "sms-auth.code.ttl": "300" } - ], - "requiredActions": [ - { - "alias": "CONFIGURE_TOTP", - "name": "Configure OTP", - "providerId": "CONFIGURE_TOTP", - "enabled": true, - "defaultAction": false, - "priority": 10, - "config": {} - }, - { - "alias": "terms_and_conditions", - "name": "Terms and Conditions", - "providerId": "terms_and_conditions", - "enabled": true, - "defaultAction": false, - "priority": 20, - "config": {} - }, - { - "alias": "UPDATE_PASSWORD", - "name": "Update Password", - "providerId": "UPDATE_PASSWORD", - "enabled": true, - "defaultAction": false, - "priority": 30, - "config": {} - }, - { - "alias": "UPDATE_PROFILE", - "name": "Update Profile", - "providerId": "UPDATE_PROFILE", - "enabled": true, - "defaultAction": false, - "priority": 40, - "config": {} - }, - { - "alias": "VERIFY_EMAIL", - "name": "Verify Email", - "providerId": "VERIFY_EMAIL", - "enabled": true, - "defaultAction": false, - "priority": 50, - "config": {} + }, + { + "id": "563d4b26-8187-4290-84c3-1acda3256573", + "alias": "create unique user config", + "config": { + "require.password.update.after.registration": "false" } - ], - "browserFlow": "Phone number login", - "registrationFlow": "registration", - "directGrantFlow": "Direct Grant 2", - "resetCredentialsFlow": "Reset Credentials Via SMS OTP", - "clientAuthenticationFlow": "clients", - "dockerAuthenticationFlow": "docker auth", - "attributes": { - "_browser_header.xXSSProtection": "1; mode=block", - "_browser_header.xFrameOptions": "SAMEORIGIN", - "_browser_header.strictTransportSecurity": "max-age=31536000; includeSubDomains", - "permanentLockout": "false", - "quickLoginCheckMilliSeconds": "1000", - "displayName": "sunbird", - "_browser_header.xRobotsTag": "none", - "maxFailureWaitSeconds": "900", - "minimumQuickLoginWaitSeconds": "60", - "failureFactor": "10", - "actionTokenGeneratedByUserLifespan": "300", - "maxDeltaTimeSeconds": "43200", - "_browser_header.xContentTypeOptions": 
"nosniff", - "actionTokenGeneratedByAdminLifespan": "43200", - "offlineSessionMaxLifespan": "5184000", - "bruteForceProtected": "true", - "_browser_header.contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "waitIncrementSeconds": "86400", - "offlineSessionMaxLifespanEnabled": "false" }, - "keycloakVersion": "7.0.1", - "userManagedAccessAllowed": false - } \ No newline at end of file + { + "id": "15f3ab05-10fb-44a5-a630-07d79f350826", + "alias": "review profile config", + "config": { + "update.profile.on.first.login": "missing" + } + } + ], + "requiredActions": [ + { + "alias": "CONFIGURE_TOTP", + "name": "Configure OTP", + "providerId": "CONFIGURE_TOTP", + "enabled": true, + "defaultAction": false, + "priority": 10, + "config": {} + }, + { + "alias": "TERMS_AND_CONDITIONS", + "name": "Terms and Conditions", + "providerId": "TERMS_AND_CONDITIONS", + "enabled": true, + "defaultAction": false, + "priority": 20, + "config": {} + }, + { + "alias": "UPDATE_PASSWORD", + "name": "Update Password", + "providerId": "UPDATE_PASSWORD", + "enabled": true, + "defaultAction": false, + "priority": 30, + "config": {} + }, + { + "alias": "UPDATE_PROFILE", + "name": "Update Profile", + "providerId": "UPDATE_PROFILE", + "enabled": true, + "defaultAction": false, + "priority": 40, + "config": {} + }, + { + "alias": "VERIFY_EMAIL", + "name": "Verify Email", + "providerId": "VERIFY_EMAIL", + "enabled": true, + "defaultAction": false, + "priority": 50, + "config": {} + }, + { + "alias": "delete_account", + "name": "Delete Account", + "providerId": "delete_account", + "enabled": false, + "defaultAction": false, + "priority": 60, + "config": {} + }, + { + "alias": "update_user_locale", + "name": "Update User Locale", + "providerId": "update_user_locale", + "enabled": true, + "defaultAction": false, + "priority": 1000, + "config": {} + } + ], + "browserFlow": "browser", + "registrationFlow": "registration", + "directGrantFlow": "direct grant", + 
"resetCredentialsFlow": "reset credentials", + "clientAuthenticationFlow": "clients", + "dockerAuthenticationFlow": "docker auth", + "attributes": { + "cibaBackchannelTokenDeliveryMode": "poll", + "cibaExpiresIn": "120", + "cibaAuthRequestedUserHint": "login_hint", + "oauth2DeviceCodeLifespan": "600", + "oauth2DevicePollingInterval": "5", + "clientOfflineSessionMaxLifespan": "0", + "clientSessionIdleTimeout": "0", + "parRequestUriLifespan": "60", + "clientSessionMaxLifespan": "0", + "clientOfflineSessionIdleTimeout": "0", + "cibaInterval": "5", + "realmReusableOtpCode": "false" + }, + "keycloakVersion": "21.1.2", + "userManagedAccessAllowed": false, + "clientProfiles": { + "profiles": [] + }, + "clientPolicies": { + "policies": [] + } +}
\ No newline at end of file
diff --git a/helmcharts/learnbb/charts/keycloak/values.yaml b/helmcharts/learnbb/charts/keycloak/values.yaml
index b431913..939b2db 100644
--- a/helmcharts/learnbb/charts/keycloak/values.yaml
+++ b/helmcharts/learnbb/charts/keycloak/values.yaml
@@ -4,8 +4,8 @@ fullnameOverride: "keycloak"
 replicaCount: 1
 image:
- repository: keshavprasad/keycloak
- tag: "7.0.1"
+ repository: sunbirded.azurecr.io/keycloak
+ tag: "21.1.2"
 pullPolicy: IfNotPresent
 pullSecrets: []
@@ -89,7 +89,7 @@ affinity: {}
 configmap:
 enabled: true
- mountPath: /config
+ mountPath: /opt/keycloak/imports
 serviceAccount:
 create: true
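Review bot: The new `repository: sunbirded.azurecr.io/keycloak` / `tag: "21.1.2"` pair identifies the identity provider's image by a mutable tag only, and with `pullPolicy: IfNotPresent` a node that has already cached that tag never re-resolves it, so a re-pushed tag can leave nodes running different content under the same name. Since this hunk changes the source registry as well as the version, pinning the reviewed image by digest would make the change auditable, e.g. `tag: "21.1.2@sha256:<digest-of-reviewed-image>"` (placeholder digest; this assumes the chart template joins repository and tag with `:`, which is not visible here). `pullSecrets: []` is left empty, so if that registry does not allow anonymous pulls the pod will fail to pull; a comment such as `# registry allows anonymous pull` or a populated secret list would settle it.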
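Review bot: `mountPath: /opt/keycloak/imports` is not the directory that Keycloak's Quarkus distribution scans for `--import-realm`, which is `/opt/keycloak/data/import`, so unless the image's start command imports from this path explicitly the mounted realm file will not be loaded and the server comes up without the realm's authentication-flow and client settings. The start command is not part of this hunk, so this is inferred rather than confirmed. I would either use `mountPath: /opt/keycloak/data/import` or add a comment naming the consumer, e.g. `# read by <import command in the image entrypoint>`, and update in the same change any setting that still points at the old `/config` location.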