diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 91dece2..90f6ebb 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -15,7 +15,7 @@ jobs:
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
- with: { go-version: '1.19', cache: true }
+ with: { go-version: '1.19' }
- run: |
mkdir -p ui/dist/img
touch ui/dist/index.html ui/dist/favicon.ico ui/dist/manifest.json ui/dist/img/fake.png
@@ -33,7 +33,7 @@ jobs:
- run: |
mkdir -p ui/dist/img
touch ui/dist/index.html ui/dist/favicon.ico ui/dist/manifest.json ui/dist/img/fake.png
- - run: docker compose -f docker-compose-with-keycloak.yml up --quiet-pull --detach
+ - run: docker compose up --quiet-pull --detach
working-directory: dev
- name: Install ArangoDB
run: |
@@ -49,7 +49,7 @@ jobs:
strategy:
matrix:
test: [ tickets, templates, playbooks ]
- auth: [ keycloak ] # simple
+ auth: [ authelia ]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
@@ -64,17 +64,12 @@ jobs:
working-directory: ui
- run: curl --head -X GET --retry 60 --retry-connrefused --retry-delay 10 http://localhost:8080
# run containers
- - run: |
- sed -i 's/host.docker.internal/172.17.0.1/g' dev/nginx.conf
- sed -i 's/host.docker.internal/172.17.0.1/g' dev/nginx-with-keycloak.conf
+ - run: sed -i 's/host.docker.internal/172.17.0.1/g' dev/nginx.conf
- run: docker compose up --quiet-pull --detach
working-directory: dev
- if: matrix.auth == 'simple'
- - run: docker compose -f docker-compose-with-keycloak.yml up --quiet-pull --detach
- working-directory: dev
- if: matrix.auth == 'keycloak'
- - run: curl --head -X GET --retry 60 --retry-connrefused --retry-delay 10 http://localhost:9002/auth/realms/catalyst
- if: matrix.auth == 'keycloak'
+ if: matrix.auth == 'authelia'
+ - run: curl --head -X GET --retry 60 --retry-connrefused --retry-delay 10 http://localhost:8082
+ if: matrix.auth == 'authelia'
# run catalyst
- run: |
mkdir -p ui/dist/img
@@ -82,10 +77,7 @@ jobs:
- run: go mod download
- run: bash start_dev.sh &
working-directory: dev
- if: matrix.auth == 'simple'
- - run: bash start_dev_with_keycloak.sh &
- working-directory: dev
- if: matrix.auth == 'keycloak'
+ if: matrix.auth == 'authelia'
- run: curl --head -X GET --retry 60 --retry-connrefused --retry-delay 10 http://localhost:8000
# run cypress
- uses: cypress-io/github-action@v4
@@ -95,12 +87,6 @@ jobs:
with:
browser: chrome
working-directory: ui
- - uses: actions/upload-artifact@v3
- if: always() && matrix.auth == 'simple'
- with:
- name: cypress-videos
- path: ui/cypress/videos
- retention-days: 1
build-npm:
name: Build npm
diff --git a/dev/authelia/configuration.yml b/dev/authelia/configuration.yml
new file mode 100644
index 0000000..cafc7aa
--- /dev/null
+++ b/dev/authelia/configuration.yml
@@ -0,0 +1,42 @@
+---
+server:
+ host: 0.0.0.0
+ port: 8082
+default_redirection_url: "http://localhost/auth/callback"
+
+log:
+ format: text
+
+authentication_backend:
+ file:
+ path: /config/users_database.yml
+
+access_control:
+ default_policy: one_factor
+
+session:
+ domain: localhost
+
+storage:
+ local:
+ path: /config/db.sqlite3
+
+notifier:
+ filesystem:
+ filename: /config/notification.txt
+
+identity_providers:
+ oidc:
+ cors:
+ # allowed_origins_from_client_redirect_uris: true
+ allowed_origins: [ "*" ]
+ clients:
+ - id: "catalyst"
+ description: API
+ secret: "secret"
+ public: false
+ authorization_policy: one_factor
+ scopes: [ openid, email, profile ]
+ redirect_uris:
+ - "http://localhost/auth/callback"
+ userinfo_signing_algorithm: none
diff --git a/dev/authelia/private.pem b/dev/authelia/private.pem
new file mode 100644
index 0000000..ea61ba2
--- /dev/null
+++ b/dev/authelia/private.pem
@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKQIBAAKCAgEA0OYfHDBvLOMQHjGb2bZGZh6j+nfWihAVWAycCR5ZOGwaRQuW
+Z0iFzkDlsj0ENG65H5DkRB1mu93LXi7yzLs7Iu4mNQDtLH2EPN1HzgmwxIevL+Ud
+6H6wCZQrZxp9bah/BKjChfURDK7gmUzY0F/sbi1upI4uVuwUrMsYroKBS4R4crHm
+mqH1ACY8pih/d/4tpsGTs0ruLkFd5dGh/Vopcx7U4iPBxTL8SvkcUQ3TYqTjcKaV
+Zb8DoiKaGmVRUFEqYtiBPykC0MNRDK8DZTuIbwZPQM0c3OWCGm2JPR6qQfgCacyY
+JirsuN9gCMxXVCjLcaxCgWiftvhnr9YpdOYkX4ROY9qo4JNGN6Pd8Q5qX5GvSwa9
+fdtMn0shCyv2MRgSq2SfZ5+DT3eUUrDQkNQoHOxxR9VPdYcPFDNLgAbydwnrlqwZ
+X9rnaKuoRaJ6N4rOgJoaUR3LVXs8QrIGcJx9VRplm2NuElsDMm7fkAEEs2y/yAeW
+qjkVnwITCKB9qoMSjpj8KpjHYdXWZqdTJWNLdKLK3iH/2lpp71utobSNLjdojifN
+wmdQNzdVwAg56R7+YDDyCPEBsPO89s8b2E8SuYF2A9KRTD5Usd3k5aaMkaLrf4bu
+igpW7MBWwE9HQjMSgX8HxHsBDl/TGhK/c/GsTBN9UlUD1MFi9yn5PmtL+lcCAwEA
+AQKCAgBfm+NDOJu5lJbs6tGk3DruRDnSygRkHiZWrTbBKaW2ICwJy9rjnJq5IpS+
+dhS1lrOd0efXkQlTFJkemyg/MbZIL21HNwxWH4BlhvV1RJQl7t/scNW2cj1JtQoE
+X2hmxwaTcFXPj7Fk96kOINDe1fhVGPAZ2oU0/UodJ7s9K7fXg2LJQ8kCnvuOPPHn
+LoPgvHHSb6iVF8dZXkuGguK8HQb5jHPsqGboRYSZH9io9EX6UPNTvLqF3d3g2Ctl
+x1dnBi77HJJTAQcr2yj+QB+ytoOkJOQjCX2bUGOyis2ULrPIC6W3HI/KcDz2BC5k
++HlDqIQsm6W4qtTmnlx+auuAeFDOnr2lpPt4hVlyq3jkkSUqrcYs9NBsPdXz+80K
++NzRnv9EytHsliZJd4hUxwyh6y0BEo9QqgrpjlTFxYmRTGzZUu9qtcSCcVg9saZy
+vvJxFuzs5zDBqL44pMbNF/NB6fDYgkDEUOdAO6QVl6lPc3sYJcyQ0JNR2cWwlCq7
+EaamUJwTcCzUIT1ych/lYzVXqFF12urPavrqsaMbFHOQIRC9mjMgnm/eHZXB744e
+nhe7YFL94fxvMD+Ekr+3tVFskVfYYUwuQnUOCwxprnZXQxSAiABhbANBg4LOzBqP
+0yWSK7yrvjC0ktnt3q9NRtY8zRrZypric++zbhLddGdxydVCGQKCAQEA83f2WnZd
+UdbP2XhDoY/hYoVm48mgn81neElxxwalom39BJ4meHGAeDq6XDOZtRn2tiiAh+HJ
+JHU7twtHlHttkSjqP0a7zVCHbIostJZRLZRa1bAlu9hjynuHmMu3/7AcNJhYV1gH
+cJTFo4w4EkFUT3zcuMrJpkWbJ+syDNa+x22Vx/YR0Wk7PPVE32lXzOYx4KYk8R8g
+B7PvePJW3wPaWSC5sgPzmbpnbHTEP8pRN9N173IFF0S00wwV5Pea3ltOB5R2ALkZ
+pkTo/ck5xmcEwEk8DZsybe/uE/gyBoSRhOEqCbgxb/qkq/guYaHo7lvjGRjhgF16
+3orwBStzjZCjNQKCAQEA26anyawLGKgIix2eQAXO7GxPmQToWdp5JGZr9u7bnGrp
+Q5qJBe4gx26WgDa17zonAD9YgE7Fv5WV/zjqiI06wNSDostz6OayUsn5tttFWlVv
+QlBWBspQu8alhCq4OgxMfhxXEGQtWrqc3TlJMebEsiTlrqP7bnvpGwADVGuhUyQ7
+t+L9oQ8SBgcJ+gGOc0P3GDPGni36itqxYNO/e1edkQAsdQh5TEsTsT1uNxPXOvv9
+PMK0QhP/jECBjjQ8MAuMnYalQl0y8WqqQPgGKUHlx20Aydy9IBUTWpG2t0Gxcike
+WncXomBJSEXppp8uNiz5gqKqyq4ODFZa14FlbZ5s2wKCAQEA6zmdxGzTYHxgOEXf
+Ybq3EQ6+B5oIHBzBuQ+MY7PiV3pYmBuMI5XVf1OONgKMoNJC8F9VPvM/+H9jgEff
+km9lvnd/Sj82tvj0vkMJSjhomdbZo9cZvdElKL4Mle1NCjXGKnJ993VPStAR2x9g
+FRMVN+70+XzDMmfRrdGoe4sGq3sO2TC+qko3N3/oWMlYUNiem+MpkeR2d7q6xWmt
+0K3SSYY6ouj6dC4KOljeOptnuL4PFZZdoMt6wOTOSneHIwmn697d23j6dQ/i4z+F
+GFDz4CthX+vv3xOOO7Dx9CYkyfMZQGa7LOtGKfgQJ7fcal5QnTDSvciTK2uk1fnT
+HJT/eQKCAQABbl2Lf9Z2q6malm/QhPkrKy19lr2Y0EaXyR8M9dNyenPYn+oiosGN
+6xeJ8FFRJLTaWI9QDrNVIzld91X328u1M+1Do0W3D8G7rls1KMqT4xidev6Efs71
+2j571PdsUWYyMCcVEUIGZE7fVh829wTzEDB66dCakK4dIevjoevkKclF0nHKmdmJ
+NoSHH3l5IMk8XCIAJ9aJDxG2ysplmFWLe0/O12ZK6/ZN4lOUgkmVtcyZl78q6wxw
+Mn9lmMuHmJuq7xSmkQri7cn8MGGB5U8E9J3bstd8nQaKQYbKPOBWGRR8jGgYA76W
+fPYfwsu/SJ27jynDtkybIfjnjI1HoI+fAoIBAQCMrcRGmksweAgFs/fq24pYxV/K
+oF98txTINrV7MJQamDfpzqlCML9Vo8WFk56BRGj9NqOU+kgvi3aTfRhN5kSeE6y/
+Kb/u89dVYhKpzr2zAy9/msup8yPKD9sT/c7S3DJRlNp5DXy48MSntz0+k710SaYe
+1GXOwfch8WwkkVpgWY/08WRuNbRbD7Jmkqjz/PtcirkewljpWn+05kUSqAgEyBfy
+kCahABRtdH0FAMQjzqb5kS/g0K4BEje9ie81wvtd3r2b89WSgBDFCno/Oq8hKEC0
+DP828OmbLWSiRvnYCcKxVaWnDvsgFTALySB89dQpTGEWFoHC1XbNJgnwg/9l
+-----END RSA PRIVATE KEY-----
diff --git a/dev/authelia/users_database.yml b/dev/authelia/users_database.yml
new file mode 100644
index 0000000..9259941
--- /dev/null
+++ b/dev/authelia/users_database.yml
@@ -0,0 +1,13 @@
+users:
+ alice:
+ displayname: Alice
+ password: "$argon2id$v=19$m=65536,t=3,p=4$S3hTSS90U1QycjNEWURZTw$aJP1fI/byC/3A7NCz5lyrXR7NS+l+1YMnqj5qFopZRk"
+ email: alice@example.com
+ bob:
+ displayname: "Bob"
+ password: "$argon2id$v=19$m=65536,t=3,p=4$amxRcURFVUk4TlhPOXFmWg$sPRsvGg9rrqefRp0fFA7wQG3O8OcMnQhj4IckHYPEz8"
+ email: bob@example.com
+ admin:
+ displayname: "Admin"
+ password: "$argon2id$v=19$m=65536,t=3,p=4$SFBXa1BXblNZKytoZ1ZLYQ$JruWROu9opYmcPNw1cIiHms4k4466DqrKIPvJe94nfA"
+ email: admin@example.com
\ No newline at end of file
diff --git a/dev/docker-compose-with-keycloak.yml b/dev/docker-compose-with-keycloak.yml
deleted file mode 100644
index c124d06..0000000
--- a/dev/docker-compose-with-keycloak.yml
+++ /dev/null
@@ -1,52 +0,0 @@
-version: '2.4'
-services:
- nginx:
- image: nginx:1.23
- volumes:
- - ./nginx-with-keycloak.conf:/etc/nginx/nginx.conf:ro
- ports: [ "80:80", "8529:8529", "9000:9000", "9002:9002", "9003:9003" ]
- networks: [ catalyst ]
-
- arangodb:
- image: arangodb/arangodb:3.8.1
- environment:
- ARANGO_ROOT_PASSWORD: foobar
- networks: [ catalyst ]
-
- minio:
- image: minio/minio:RELEASE.2021-12-10T23-03-39Z
- environment:
- MINIO_ROOT_USER: minio
- MINIO_ROOT_PASSWORD: minio123
- command: server /data -console-address ":9003"
- networks: [ catalyst ]
-
- postgres:
- image: postgres:13
- environment:
- POSTGRES_DB: keycloak
- POSTGRES_USER: keycloak
- POSTGRES_PASSWORD: password
- networks: [ catalyst ]
-
- keycloak:
- image: quay.io/keycloak/keycloak:14.0.0
- environment:
- DB_VENDOR: POSTGRES
- DB_ADDR: postgres
- DB_DATABASE: keycloak
- DB_USER: keycloak
- DB_SCHEMA: public
- DB_PASSWORD: password
- KEYCLOAK_USER: admin
- KEYCLOAK_PASSWORD: admin
- KEYCLOAK_IMPORT: /tmp/realm.json
- PROXY_ADDRESS_FORWARDING: "true"
- volumes:
- - ./keycloak/realm.json:/tmp/realm.json
- depends_on: [ postgres ]
- networks: [ catalyst ]
-
-networks:
- catalyst:
- name: catalyst
diff --git a/dev/docker-compose.yml b/dev/docker-compose.yml
index 9b9292b..37dcbbd 100644
--- a/dev/docker-compose.yml
+++ b/dev/docker-compose.yml
@@ -4,7 +4,7 @@ services:
image: nginx:1.23
volumes:
- ./nginx.conf:/etc/nginx/nginx.conf:ro
- ports: [ "80:80", "8529:8529", "9000:9000", "9003:9003" ]
+ ports: [ "80:80", "8529:8529", "9000:9000", "8082:8082", "9003:9003" ]
networks: [ catalyst ]
arangodb:
@@ -21,6 +21,20 @@ services:
command: server /data -console-address ":9003"
networks: [ catalyst ]
+ authelia:
+ image: authelia/authelia:4
+ environment:
+ AUTHELIA_JWT_SECRET: "AUTHELIA_JWT_SECRET"
+ AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY_FILE: "/config/private.pem"
+ AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET: "AUTHELIA_HMAC_SECRET"
+ AUTHELIA_STORAGE_ENCRYPTION_KEY: "AUTHELIA_STORAGE_ENCRYPTION_KEY"
+ AUTHELIA_SESSION_SECRET: "AUTHELIA_SESSION_SECRET"
+ volumes:
+ - ./authelia/configuration.yml:/config/configuration.yml
+ - ./authelia/users_database.yml:/config/users_database.yml
+ - ./authelia/private.pem:/config/private.pem
+ networks: [ catalyst ]
+
networks:
catalyst:
name: catalyst
diff --git a/dev/keycloak/realm.json b/dev/keycloak/realm.json
deleted file mode 100644
index e601195..0000000
--- a/dev/keycloak/realm.json
+++ /dev/null
@@ -1,1997 +0,0 @@
-{
- "id": "catalyst",
- "realm": "catalyst",
- "notBefore": 0,
- "defaultSignatureAlgorithm": "RS256",
- "revokeRefreshToken": false,
- "refreshTokenMaxReuse": 0,
- "accessTokenLifespan": 300,
- "accessTokenLifespanForImplicitFlow": 900,
- "ssoSessionIdleTimeout": 1800,
- "ssoSessionMaxLifespan": 36000,
- "ssoSessionIdleTimeoutRememberMe": 0,
- "ssoSessionMaxLifespanRememberMe": 0,
- "offlineSessionIdleTimeout": 2592000,
- "offlineSessionMaxLifespanEnabled": false,
- "offlineSessionMaxLifespan": 5184000,
- "clientSessionIdleTimeout": 0,
- "clientSessionMaxLifespan": 0,
- "clientOfflineSessionIdleTimeout": 0,
- "clientOfflineSessionMaxLifespan": 0,
- "accessCodeLifespan": 60,
- "accessCodeLifespanUserAction": 300,
- "accessCodeLifespanLogin": 1800,
- "actionTokenGeneratedByAdminLifespan": 43200,
- "actionTokenGeneratedByUserLifespan": 300,
- "oauth2DeviceCodeLifespan": 600,
- "oauth2DevicePollingInterval": 5,
- "enabled": true,
- "sslRequired": "external",
- "registrationAllowed": false,
- "registrationEmailAsUsername": false,
- "rememberMe": false,
- "verifyEmail": false,
- "loginWithEmailAllowed": true,
- "duplicateEmailsAllowed": false,
- "resetPasswordAllowed": false,
- "editUsernameAllowed": false,
- "bruteForceProtected": false,
- "permanentLockout": false,
- "maxFailureWaitSeconds": 900,
- "minimumQuickLoginWaitSeconds": 60,
- "waitIncrementSeconds": 60,
- "quickLoginCheckMilliSeconds": 1000,
- "maxDeltaTimeSeconds": 43200,
- "failureFactor": 30,
- "defaultRole": {
- "id": "43c7a86b-0423-4699-bc4f-94979c8995c6",
- "name": "default-roles-catalyst",
- "description": "${role_default-roles}",
- "composite": true,
- "clientRole": false,
- "containerId": "catalyst"
- },
- "requiredCredentials": [
- "password"
- ],
- "otpPolicyType": "totp",
- "otpPolicyAlgorithm": "HmacSHA1",
- "otpPolicyInitialCounter": 0,
- "otpPolicyDigits": 6,
- "otpPolicyLookAheadWindow": 1,
- "otpPolicyPeriod": 30,
- "otpSupportedApplications": [
- "FreeOTP",
- "Google Authenticator"
- ],
- "webAuthnPolicyRpEntityName": "keycloak",
- "webAuthnPolicySignatureAlgorithms": [
- "ES256"
- ],
- "webAuthnPolicyRpId": "",
- "webAuthnPolicyAttestationConveyancePreference": "not specified",
- "webAuthnPolicyAuthenticatorAttachment": "not specified",
- "webAuthnPolicyRequireResidentKey": "not specified",
- "webAuthnPolicyUserVerificationRequirement": "not specified",
- "webAuthnPolicyCreateTimeout": 0,
- "webAuthnPolicyAvoidSameAuthenticatorRegister": false,
- "webAuthnPolicyAcceptableAaguids": [],
- "webAuthnPolicyPasswordlessRpEntityName": "keycloak",
- "webAuthnPolicyPasswordlessSignatureAlgorithms": [
- "ES256"
- ],
- "webAuthnPolicyPasswordlessRpId": "",
- "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified",
- "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified",
- "webAuthnPolicyPasswordlessRequireResidentKey": "not specified",
- "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified",
- "webAuthnPolicyPasswordlessCreateTimeout": 0,
- "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false,
- "webAuthnPolicyPasswordlessAcceptableAaguids": [],
- "users": [
- {
- "id": "2da488d4-f934-4cfc-92fe-16bfbfd693e2",
- "createdTimestamp": 1625168814915,
- "username": "service-account-reader",
- "enabled": true,
- "totp": false,
- "emailVerified": false,
- "serviceAccountClientId": "reader",
- "disableableCredentialTypes": [],
- "requiredActions": [],
- "notBefore": 0
- },
- {
- "username" : "alice",
- "enabled": true,
- "email" : "alice@example.org",
- "firstName": "Alice",
- "lastName": "Alert Analyst",
- "credentials" : [
- { "type" : "password", "value" : "alice" }
- ]
- },
- {
- "username" : "bob",
- "enabled": true,
- "email" : "bob@example.org",
- "firstName": "Bob",
- "lastName": "Incident Handler",
- "credentials" : [
- { "type" : "password", "value" : "bob" }
- ]
- },
- {
- "username" : "carol",
- "enabled": true,
- "email" : "carol@example.org",
- "firstName": "Carol",
- "lastName": "Forensicator",
- "credentials" : [
- { "type" : "password", "value" : "carol" }
- ]
- },
- {
- "username" : "dave",
- "enabled": true,
- "email" : "dave@example.org",
- "firstName": "Dave",
- "lastName": "Admin",
- "credentials" : [
- { "type" : "password", "value" : "dave" }
- ]
- },
- {
- "username" : "eve",
- "enabled": true,
- "email" : "eve@example.org",
- "firstName": "Eve",
- "lastName": "Team Lead",
- "credentials" : [
- { "type" : "password", "value" : "eve" }
- ]
- }
- ],
- "scopeMappings": [
- {
- "clientScope": "offline_access",
- "roles": [
- "offline_access"
- ]
- }
- ],
- "clientScopeMappings": {
- "account": [
- {
- "client": "account-console",
- "roles": [
- "manage-account"
- ]
- }
- ]
- },
- "clients": [
- {
- "id": "86c72872-e504-4a19-89d6-5c3843a107c6",
- "clientId": "account",
- "name": "${client_account}",
- "rootUrl": "${authBaseUrl}",
- "baseUrl": "/realms/catalyst/account/",
- "surrogateAuthRequired": false,
- "enabled": true,
- "alwaysDisplayInConsole": false,
- "clientAuthenticatorType": "client-secret",
- "redirectUris": [
- "/realms/catalyst/account/*"
- ],
- "webOrigins": [],
- "notBefore": 0,
- "bearerOnly": false,
- "consentRequired": false,
- "standardFlowEnabled": true,
- "implicitFlowEnabled": false,
- "directAccessGrantsEnabled": false,
- "serviceAccountsEnabled": false,
- "publicClient": true,
- "frontchannelLogout": false,
- "protocol": "openid-connect",
- "attributes": {},
- "authenticationFlowBindingOverrides": {},
- "fullScopeAllowed": false,
- "nodeReRegistrationTimeout": 0,
- "defaultClientScopes": [
- "web-origins",
- "roles",
- "profile",
- "email"
- ],
- "optionalClientScopes": [
- "address",
- "phone",
- "offline_access",
- "microprofile-jwt"
- ]
- },
- {
- "id": "50acde65-ed47-42ed-9447-0b4b43983cf9",
- "clientId": "account-console",
- "name": "${client_account-console}",
- "rootUrl": "${authBaseUrl}",
- "baseUrl": "/realms/catalyst/account/",
- "surrogateAuthRequired": false,
- "enabled": true,
- "alwaysDisplayInConsole": false,
- "clientAuthenticatorType": "client-secret",
- "redirectUris": [
- "/realms/catalyst/account/*"
- ],
- "webOrigins": [],
- "notBefore": 0,
- "bearerOnly": false,
- "consentRequired": false,
- "standardFlowEnabled": true,
- "implicitFlowEnabled": false,
- "directAccessGrantsEnabled": false,
- "serviceAccountsEnabled": false,
- "publicClient": true,
- "frontchannelLogout": false,
- "protocol": "openid-connect",
- "attributes": {
- "pkce.code.challenge.method": "S256"
- },
- "authenticationFlowBindingOverrides": {},
- "fullScopeAllowed": false,
- "nodeReRegistrationTimeout": 0,
- "protocolMappers": [
- {
- "id": "8f05de9b-20b0-4cb0-9885-c1f08b16494d",
- "name": "audience resolve",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-audience-resolve-mapper",
- "consentRequired": false,
- "config": {}
- }
- ],
- "defaultClientScopes": [
- "web-origins",
- "roles",
- "profile",
- "email"
- ],
- "optionalClientScopes": [
- "address",
- "phone",
- "offline_access",
- "microprofile-jwt"
- ]
- },
- {
- "id": "ce10e93d-9e15-4420-a8fd-c8fb8d262596",
- "clientId": "admin-cli",
- "name": "${client_admin-cli}",
- "surrogateAuthRequired": false,
- "enabled": true,
- "alwaysDisplayInConsole": false,
- "clientAuthenticatorType": "client-secret",
- "redirectUris": [],
- "webOrigins": [],
- "notBefore": 0,
- "bearerOnly": false,
- "consentRequired": false,
- "standardFlowEnabled": false,
- "implicitFlowEnabled": false,
- "directAccessGrantsEnabled": true,
- "serviceAccountsEnabled": false,
- "publicClient": true,
- "frontchannelLogout": false,
- "protocol": "openid-connect",
- "attributes": {},
- "authenticationFlowBindingOverrides": {},
- "fullScopeAllowed": false,
- "nodeReRegistrationTimeout": 0,
- "defaultClientScopes": [
- "web-origins",
- "roles",
- "profile",
- "email"
- ],
- "optionalClientScopes": [
- "address",
- "phone",
- "offline_access",
- "microprofile-jwt"
- ]
- },
- {
- "id": "ff18f8fb-27be-47c2-9a76-3ceb17ccccd8",
- "clientId": "broker",
- "name": "${client_broker}",
- "surrogateAuthRequired": false,
- "enabled": true,
- "alwaysDisplayInConsole": false,
- "clientAuthenticatorType": "client-secret",
- "redirectUris": [],
- "webOrigins": [],
- "notBefore": 0,
- "bearerOnly": true,
- "consentRequired": false,
- "standardFlowEnabled": true,
- "implicitFlowEnabled": false,
- "directAccessGrantsEnabled": false,
- "serviceAccountsEnabled": false,
- "publicClient": false,
- "frontchannelLogout": false,
- "protocol": "openid-connect",
- "attributes": {},
- "authenticationFlowBindingOverrides": {},
- "fullScopeAllowed": false,
- "nodeReRegistrationTimeout": 0,
- "defaultClientScopes": [
- "web-origins",
- "roles",
- "profile",
- "email"
- ],
- "optionalClientScopes": [
- "address",
- "phone",
- "offline_access",
- "microprofile-jwt"
- ]
- },
- {
- "id": "43419de7-4beb-4401-9a7f-34aedf158305",
- "clientId": "reader",
- "surrogateAuthRequired": false,
- "enabled": true,
- "alwaysDisplayInConsole": false,
- "clientAuthenticatorType": "client-secret",
- "secret": "**********",
- "redirectUris": [],
- "webOrigins": [],
- "notBefore": 0,
- "bearerOnly": false,
- "consentRequired": false,
- "standardFlowEnabled": false,
- "implicitFlowEnabled": false,
- "directAccessGrantsEnabled": false,
- "serviceAccountsEnabled": true,
- "publicClient": false,
- "frontchannelLogout": false,
- "protocol": "openid-connect",
- "attributes": {
- "saml.assertion.signature": "false",
- "id.token.as.detached.signature": "false",
- "saml.multivalued.roles": "false",
- "saml.force.post.binding": "false",
- "saml.encrypt": "false",
- "oauth2.device.authorization.grant.enabled": "false",
- "backchannel.logout.revoke.offline.tokens": "false",
- "saml.server.signature": "false",
- "saml.server.signature.keyinfo.ext": "false",
- "use.refresh.tokens": "true",
- "exclude.session.state.from.auth.response": "false",
- "oidc.ciba.grant.enabled": "false",
- "saml.artifact.binding": "false",
- "backchannel.logout.session.required": "true",
- "client_credentials.use_refresh_token": "false",
- "saml_force_name_id_format": "false",
- "saml.client.signature": "false",
- "tls.client.certificate.bound.access.tokens": "false",
- "saml.authnstatement": "false",
- "display.on.consent.screen": "false",
- "saml.onetimeuse.condition": "false"
- },
- "authenticationFlowBindingOverrides": {},
- "fullScopeAllowed": true,
- "nodeReRegistrationTimeout": -1,
- "protocolMappers": [
- {
- "id": "8da9dcd5-8da3-4280-bdaa-24c4c61b46b2",
- "name": "Client Host",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usersessionmodel-note-mapper",
- "consentRequired": false,
- "config": {
- "user.session.note": "clientHost",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "clientHost",
- "jsonType.label": "String"
- }
- },
- {
- "id": "1e98ec8d-f131-4ef6-9363-a46930896cd3",
- "name": "Client ID",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usersessionmodel-note-mapper",
- "consentRequired": false,
- "config": {
- "user.session.note": "clientId",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "clientId",
- "jsonType.label": "String"
- }
- },
- {
- "id": "85483f67-1ed0-40d1-a67a-29817b99d2b9",
- "name": "Client IP Address",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usersessionmodel-note-mapper",
- "consentRequired": false,
- "config": {
- "user.session.note": "clientAddress",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "clientAddress",
- "jsonType.label": "String"
- }
- }
- ],
- "defaultClientScopes": [
- "web-origins",
- "roles",
- "profile",
- "groups",
- "email"
- ],
- "optionalClientScopes": [
- "address",
- "phone",
- "offline_access",
- "microprofile-jwt"
- ]
- },
- {
- "id": "d2286137-1944-4a9b-b826-4d5a6f7cdf28",
- "clientId": "catalyst",
- "rootUrl": "http://catalyst.internal.com/",
- "adminUrl": "http://catalyst.internal.com/",
- "surrogateAuthRequired": false,
- "enabled": true,
- "alwaysDisplayInConsole": false,
- "clientAuthenticatorType": "client-secret",
- "secret": "d3ec0d91-b6ea-482d-8a4e-2f5a7ca0b4cb",
- "redirectUris": [
- "http://catalyst.internal.com/*",
- "http://localhost:8000/auth/callback",
- "http://localhost/auth/callback"
- ],
- "webOrigins": [
- "http://catalyst.internal.com",
- "http://localhost:8000",
- "http://localhost",
- "+"
- ],
- "notBefore": 0,
- "bearerOnly": false,
- "consentRequired": false,
- "standardFlowEnabled": true,
- "implicitFlowEnabled": false,
- "directAccessGrantsEnabled": true,
- "serviceAccountsEnabled": false,
- "publicClient": false,
- "frontchannelLogout": false,
- "protocol": "openid-connect",
- "attributes": {
- "id.token.as.detached.signature": "false",
- "saml.assertion.signature": "false",
- "saml.force.post.binding": "false",
- "saml.multivalued.roles": "false",
- "saml.encrypt": "false",
- "oauth2.device.authorization.grant.enabled": "false",
- "backchannel.logout.revoke.offline.tokens": "false",
- "saml.server.signature": "false",
- "saml.server.signature.keyinfo.ext": "false",
- "use.refresh.tokens": "true",
- "exclude.session.state.from.auth.response": "false",
- "oidc.ciba.grant.enabled": "false",
- "saml.artifact.binding": "false",
- "backchannel.logout.session.required": "true",
- "client_credentials.use_refresh_token": "false",
- "saml_force_name_id_format": "false",
- "saml.client.signature": "false",
- "tls.client.certificate.bound.access.tokens": "false",
- "saml.authnstatement": "false",
- "display.on.consent.screen": "false",
- "saml.onetimeuse.condition": "false"
- },
- "authenticationFlowBindingOverrides": {},
- "fullScopeAllowed": true,
- "nodeReRegistrationTimeout": -1,
- "defaultClientScopes": [
- "web-origins",
- "roles",
- "profile",
- "email"
- ],
- "optionalClientScopes": [
- "address",
- "phone",
- "offline_access",
- "microprofile-jwt"
- ]
- },
- {
- "id": "6cd83d64-0384-4e16-890d-2fa470b144ab",
- "clientId": "realm-management",
- "name": "${client_realm-management}",
- "surrogateAuthRequired": false,
- "enabled": true,
- "alwaysDisplayInConsole": false,
- "clientAuthenticatorType": "client-secret",
- "redirectUris": [],
- "webOrigins": [],
- "notBefore": 0,
- "bearerOnly": true,
- "consentRequired": false,
- "standardFlowEnabled": true,
- "implicitFlowEnabled": false,
- "directAccessGrantsEnabled": false,
- "serviceAccountsEnabled": false,
- "publicClient": false,
- "frontchannelLogout": false,
- "protocol": "openid-connect",
- "attributes": {},
- "authenticationFlowBindingOverrides": {},
- "fullScopeAllowed": false,
- "nodeReRegistrationTimeout": 0,
- "defaultClientScopes": [
- "web-origins",
- "roles",
- "profile",
- "email"
- ],
- "optionalClientScopes": [
- "address",
- "phone",
- "offline_access",
- "microprofile-jwt"
- ]
- },
- {
- "id": "31f01a93-e892-4874-92be-62e1ba4c49b5",
- "clientId": "security-admin-console",
- "name": "${client_security-admin-console}",
- "rootUrl": "${authAdminUrl}",
- "baseUrl": "/admin/catalyst/console/",
- "surrogateAuthRequired": false,
- "enabled": true,
- "alwaysDisplayInConsole": false,
- "clientAuthenticatorType": "client-secret",
- "redirectUris": [
- "/admin/catalyst/console/*"
- ],
- "webOrigins": [
- "+"
- ],
- "notBefore": 0,
- "bearerOnly": false,
- "consentRequired": false,
- "standardFlowEnabled": true,
- "implicitFlowEnabled": false,
- "directAccessGrantsEnabled": false,
- "serviceAccountsEnabled": false,
- "publicClient": true,
- "frontchannelLogout": false,
- "protocol": "openid-connect",
- "attributes": {
- "pkce.code.challenge.method": "S256"
- },
- "authenticationFlowBindingOverrides": {},
- "fullScopeAllowed": false,
- "nodeReRegistrationTimeout": 0,
- "protocolMappers": [
- {
- "id": "bff3e1b7-5125-419d-a97b-720622e79a81",
- "name": "locale",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
- "consentRequired": false,
- "config": {
- "userinfo.token.claim": "true",
- "user.attribute": "locale",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "locale",
- "jsonType.label": "String"
- }
- }
- ],
- "defaultClientScopes": [
- "web-origins",
- "roles",
- "profile",
- "email"
- ],
- "optionalClientScopes": [
- "address",
- "phone",
- "offline_access",
- "microprofile-jwt"
- ]
- }
- ],
- "clientScopes": [
- {
- "id": "90b39bdb-75ff-4928-ba7a-085b2f735409",
- "name": "roles",
- "description": "OpenID Connect scope for add user roles to the access token",
- "protocol": "openid-connect",
- "attributes": {
- "include.in.token.scope": "false",
- "display.on.consent.screen": "true",
- "consent.screen.text": "${rolesScopeConsentText}"
- },
- "protocolMappers": [
- {
- "id": "8fbf5a86-4629-4b1a-b66d-d957c8158e77",
- "name": "audience resolve",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-audience-resolve-mapper",
- "consentRequired": false,
- "config": {}
- },
- {
- "id": "065c0856-09e2-4b2e-ae83-7ca0edc487ac",
- "name": "realm roles",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-realm-role-mapper",
- "consentRequired": false,
- "config": {
- "user.attribute": "foo",
- "access.token.claim": "true",
- "claim.name": "realm_access.roles",
- "jsonType.label": "String",
- "multivalued": "true"
- }
- },
- {
- "id": "2fca9b42-c6da-4d6a-94ee-c2c8b2731dfe",
- "name": "client roles",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-client-role-mapper",
- "consentRequired": false,
- "config": {
- "user.attribute": "foo",
- "access.token.claim": "true",
- "claim.name": "resource_access.${client_id}.roles",
- "jsonType.label": "String",
- "multivalued": "true"
- }
- }
- ]
- },
- {
- "id": "3b637bf5-80f8-4419-921f-334b2c4dd11f",
- "name": "groups",
- "protocol": "openid-connect",
- "attributes": {
- "include.in.token.scope": "true",
- "display.on.consent.screen": "true"
- },
- "protocolMappers": [
- {
- "id": "0acdd906-0208-4afa-b33a-01e59b280fac",
- "name": "groups",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-realm-role-mapper",
- "consentRequired": false,
- "config": {
- "multivalued": "true",
- "user.attribute": "foo",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "groups",
- "jsonType.label": "String"
- }
- }
- ]
- },
- {
- "id": "7afd7e91-0f50-42dc-bfd7-5898ee70b908",
- "name": "profile",
- "description": "OpenID Connect built-in scope: profile",
- "protocol": "openid-connect",
- "attributes": {
- "include.in.token.scope": "true",
- "display.on.consent.screen": "true",
- "consent.screen.text": "${profileScopeConsentText}"
- },
- "protocolMappers": [
- {
- "id": "975e3e1f-daca-4c91-b0ba-69242bbe0945",
- "name": "middle name",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
- "consentRequired": false,
- "config": {
- "userinfo.token.claim": "true",
- "user.attribute": "middleName",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "middle_name",
- "jsonType.label": "String"
- }
- },
- {
- "id": "fef97135-a66c-48d2-a942-6798e387be15",
- "name": "username",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-property-mapper",
- "consentRequired": false,
- "config": {
- "userinfo.token.claim": "true",
- "user.attribute": "username",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "preferred_username",
- "jsonType.label": "String"
- }
- },
- {
- "id": "b3c5f39f-a126-4840-9103-2ae574344049",
- "name": "gender",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
- "consentRequired": false,
- "config": {
- "userinfo.token.claim": "true",
- "user.attribute": "gender",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "gender",
- "jsonType.label": "String"
- }
- },
- {
- "id": "04a542fe-c6b1-4880-a0a9-e9a6934bf1f3",
- "name": "picture",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
- "consentRequired": false,
- "config": {
- "userinfo.token.claim": "true",
- "user.attribute": "picture",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "picture",
- "jsonType.label": "String"
- }
- },
- {
- "id": "78d162f9-b23f-45ca-a671-f2f528229da2",
- "name": "profile",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
- "consentRequired": false,
- "config": {
- "userinfo.token.claim": "true",
- "user.attribute": "profile",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "profile",
- "jsonType.label": "String"
- }
- },
- {
- "id": "30aecb8d-36fc-465e-a141-dc2b58ff675f",
- "name": "birthdate",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
- "consentRequired": false,
- "config": {
- "userinfo.token.claim": "true",
- "user.attribute": "birthdate",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "birthdate",
- "jsonType.label": "String"
- }
- },
- {
- "id": "b20432db-d804-4821-989e-e48030d8b562",
- "name": "locale",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
- "consentRequired": false,
- "config": {
- "userinfo.token.claim": "true",
- "user.attribute": "locale",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "locale",
- "jsonType.label": "String"
- }
- },
- {
- "id": "842ee2fa-5ecb-47f6-a890-f8cbd1ee1eb0",
- "name": "full name",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-full-name-mapper",
- "consentRequired": false,
- "config": {
- "id.token.claim": "true",
- "access.token.claim": "true",
- "userinfo.token.claim": "true"
- }
- },
- {
- "id": "7ca293bf-c6ba-45cc-b49d-a824ae1284b8",
- "name": "family name",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-property-mapper",
- "consentRequired": false,
- "config": {
- "userinfo.token.claim": "true",
- "user.attribute": "lastName",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "family_name",
- "jsonType.label": "String"
- }
- },
- {
- "id": "4d7f731d-0133-4501-8fd6-3a9918b7d7df",
- "name": "nickname",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
- "consentRequired": false,
- "config": {
- "userinfo.token.claim": "true",
- "user.attribute": "nickname",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "nickname",
- "jsonType.label": "String"
- }
- },
- {
- "id": "68c7909b-e46d-421e-943d-0fc30d1fa0ab",
- "name": "updated at",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
- "consentRequired": false,
- "config": {
- "userinfo.token.claim": "true",
- "user.attribute": "updatedAt",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "updated_at",
- "jsonType.label": "String"
- }
- },
- {
- "id": "9f041128-9b6e-4013-af57-e3599ea30465",
- "name": "given name",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-property-mapper",
- "consentRequired": false,
- "config": {
- "userinfo.token.claim": "true",
- "user.attribute": "firstName",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "given_name",
- "jsonType.label": "String"
- }
- },
- {
- "id": "6cfa184f-1163-4b6a-a4da-a96e4720cec6",
- "name": "website",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
- "consentRequired": false,
- "config": {
- "userinfo.token.claim": "true",
- "user.attribute": "website",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "website",
- "jsonType.label": "String"
- }
- },
- {
- "id": "8328b25a-9b10-4059-ac90-20ffa2d8d331",
- "name": "zoneinfo",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
- "consentRequired": false,
- "config": {
- "userinfo.token.claim": "true",
- "user.attribute": "zoneinfo",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "zoneinfo",
- "jsonType.label": "String"
- }
- }
- ]
- },
- {
- "id": "bcac8ddc-27db-4734-99db-ab9f892ea1a6",
- "name": "microprofile-jwt",
- "description": "Microprofile - JWT built-in scope",
- "protocol": "openid-connect",
- "attributes": {
- "include.in.token.scope": "true",
- "display.on.consent.screen": "false"
- },
- "protocolMappers": [
- {
- "id": "272bbae0-68d0-4466-a756-742a26ad9e7d",
- "name": "upn",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-property-mapper",
- "consentRequired": false,
- "config": {
- "userinfo.token.claim": "true",
- "user.attribute": "username",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "upn",
- "jsonType.label": "String"
- }
- },
- {
- "id": "df5f04b5-544c-4cd4-8ea6-6ce101a72216",
- "name": "groups",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-realm-role-mapper",
- "consentRequired": false,
- "config": {
- "multivalued": "true",
- "userinfo.token.claim": "true",
- "user.attribute": "foo",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "groups",
- "jsonType.label": "String"
- }
- }
- ]
- },
- {
- "id": "cda6829b-af33-462c-99d1-198bcfe1a648",
- "name": "phone",
- "description": "OpenID Connect built-in scope: phone",
- "protocol": "openid-connect",
- "attributes": {
- "include.in.token.scope": "true",
- "display.on.consent.screen": "true",
- "consent.screen.text": "${phoneScopeConsentText}"
- },
- "protocolMappers": [
- {
- "id": "834b65c6-72ac-4884-9fc6-d81e68d00e2e",
- "name": "phone number verified",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
- "consentRequired": false,
- "config": {
- "userinfo.token.claim": "true",
- "user.attribute": "phoneNumberVerified",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "phone_number_verified",
- "jsonType.label": "boolean"
- }
- },
- {
- "id": "1d6d57b3-4500-4888-8473-c10b5c91dbb6",
- "name": "phone number",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
- "consentRequired": false,
- "config": {
- "userinfo.token.claim": "true",
- "user.attribute": "phoneNumber",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "phone_number",
- "jsonType.label": "String"
- }
- }
- ]
- },
- {
- "id": "ed16c65e-eede-4dfa-a1c7-332cd0d3d2b0",
- "name": "web-origins",
- "description": "OpenID Connect scope for add allowed web origins to the access token",
- "protocol": "openid-connect",
- "attributes": {
- "include.in.token.scope": "false",
- "display.on.consent.screen": "false",
- "consent.screen.text": ""
- },
- "protocolMappers": [
- {
- "id": "f6507f62-0e6b-4e46-8124-216eed351d9a",
- "name": "allowed web origins",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-allowed-origins-mapper",
- "consentRequired": false,
- "config": {}
- }
- ]
- },
- {
- "id": "22de1ea1-162c-4bca-a864-ce1c41a98984",
- "name": "email",
- "description": "OpenID Connect built-in scope: email",
- "protocol": "openid-connect",
- "attributes": {
- "include.in.token.scope": "true",
- "display.on.consent.screen": "true",
- "consent.screen.text": "${emailScopeConsentText}"
- },
- "protocolMappers": [
- {
- "id": "5bb8438c-d485-4134-bc7c-006337364a8c",
- "name": "email",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-property-mapper",
- "consentRequired": false,
- "config": {
- "userinfo.token.claim": "true",
- "user.attribute": "email",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "email",
- "jsonType.label": "String"
- }
- },
- {
- "id": "3914a22d-f4f2-4278-8df6-17b3a2d79c11",
- "name": "email verified",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-property-mapper",
- "consentRequired": false,
- "config": {
- "userinfo.token.claim": "true",
- "user.attribute": "emailVerified",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "email_verified",
- "jsonType.label": "boolean"
- }
- }
- ]
- },
- {
- "id": "44eb06c1-1f84-4f20-9fe5-af2dd2652883",
- "name": "role_list",
- "description": "SAML role list",
- "protocol": "saml",
- "attributes": {
- "consent.screen.text": "${samlRoleListScopeConsentText}",
- "display.on.consent.screen": "true"
- },
- "protocolMappers": [
- {
- "id": "377fcde9-859d-4022-81e1-b08c523e9eea",
- "name": "role list",
- "protocol": "saml",
- "protocolMapper": "saml-role-list-mapper",
- "consentRequired": false,
- "config": {
- "single": "false",
- "attribute.nameformat": "Basic",
- "attribute.name": "Role"
- }
- }
- ]
- },
- {
- "id": "9b141075-26c2-45d9-b4be-fd3c3cbb3c51",
- "name": "address",
- "description": "OpenID Connect built-in scope: address",
- "protocol": "openid-connect",
- "attributes": {
- "include.in.token.scope": "true",
- "display.on.consent.screen": "true",
- "consent.screen.text": "${addressScopeConsentText}"
- },
- "protocolMappers": [
- {
- "id": "7cec2511-c0ef-4f79-842f-3c68573dc5a7",
- "name": "address",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-address-mapper",
- "consentRequired": false,
- "config": {
- "user.attribute.formatted": "formatted",
- "user.attribute.country": "country",
- "user.attribute.postal_code": "postal_code",
- "userinfo.token.claim": "true",
- "user.attribute.street": "street",
- "id.token.claim": "true",
- "user.attribute.region": "region",
- "access.token.claim": "true",
- "user.attribute.locality": "locality"
- }
- }
- ]
- },
- {
- "id": "40730fee-dab9-408b-934d-bc6eeea12ff8",
- "name": "offline_access",
- "description": "OpenID Connect built-in scope: offline_access",
- "protocol": "openid-connect",
- "attributes": {
- "consent.screen.text": "${offlineAccessScopeConsentText}",
- "display.on.consent.screen": "true"
- }
- }
- ],
- "defaultDefaultClientScopes": [
- "role_list",
- "profile",
- "email",
- "roles",
- "web-origins"
- ],
- "defaultOptionalClientScopes": [
- "offline_access",
- "address",
- "phone",
- "microprofile-jwt"
- ],
- "browserSecurityHeaders": {
- "contentSecurityPolicyReportOnly": "",
- "xContentTypeOptions": "nosniff",
- "xRobotsTag": "none",
- "xFrameOptions": "SAMEORIGIN",
- "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
- "xXSSProtection": "1; mode=block",
- "strictTransportSecurity": "max-age=31536000; includeSubDomains"
- },
- "smtpServer": {},
- "eventsEnabled": false,
- "eventsListeners": [
- "jboss-logging"
- ],
- "enabledEventTypes": [],
- "adminEventsEnabled": false,
- "adminEventsDetailsEnabled": false,
- "identityProviders": [],
- "identityProviderMappers": [],
- "components": {
- "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [
- {
- "id": "4b06a544-5815-47c4-8e21-e5e0c44af05b",
- "name": "Trusted Hosts",
- "providerId": "trusted-hosts",
- "subType": "anonymous",
- "subComponents": {},
- "config": {
- "host-sending-registration-request-must-match": [
- "true"
- ],
- "client-uris-must-match": [
- "true"
- ]
- }
- },
- {
- "id": "b58228d2-64f7-4880-bdb4-b37902896176",
- "name": "Allowed Protocol Mapper Types",
- "providerId": "allowed-protocol-mappers",
- "subType": "authenticated",
- "subComponents": {},
- "config": {
- "allowed-protocol-mapper-types": [
- "saml-user-attribute-mapper",
- "oidc-sha256-pairwise-sub-mapper",
- "oidc-address-mapper",
- "oidc-full-name-mapper",
- "saml-user-property-mapper",
- "oidc-usermodel-property-mapper",
- "saml-role-list-mapper",
- "oidc-usermodel-attribute-mapper"
- ]
- }
- },
- {
- "id": "2122720d-ea69-4bfa-834e-f1dd12ad55df",
- "name": "Max Clients Limit",
- "providerId": "max-clients",
- "subType": "anonymous",
- "subComponents": {},
- "config": {
- "max-clients": [
- "200"
- ]
- }
- },
- {
- "id": "e1a99694-7f99-416d-8e80-2ab92c53034a",
- "name": "Consent Required",
- "providerId": "consent-required",
- "subType": "anonymous",
- "subComponents": {},
- "config": {}
- },
- {
- "id": "83ae6ccc-24c1-47d5-9bae-59879a90e2a4",
- "name": "Allowed Client Scopes",
- "providerId": "allowed-client-templates",
- "subType": "anonymous",
- "subComponents": {},
- "config": {
- "allow-default-scopes": [
- "true"
- ]
- }
- },
- {
- "id": "15dcc7e3-13a1-45d2-b95c-f92cb7b86471",
- "name": "Allowed Client Scopes",
- "providerId": "allowed-client-templates",
- "subType": "authenticated",
- "subComponents": {},
- "config": {
- "allow-default-scopes": [
- "true"
- ]
- }
- },
- {
- "id": "c9f2eefd-43dd-49fb-b143-f61135c4fc9d",
- "name": "Full Scope Disabled",
- "providerId": "scope",
- "subType": "anonymous",
- "subComponents": {},
- "config": {}
- },
- {
- "id": "ef9fa331-eaed-4408-999f-5c2e86e883ea",
- "name": "Allowed Protocol Mapper Types",
- "providerId": "allowed-protocol-mappers",
- "subType": "anonymous",
- "subComponents": {},
- "config": {
- "allowed-protocol-mapper-types": [
- "saml-user-attribute-mapper",
- "oidc-usermodel-property-mapper",
- "oidc-address-mapper",
- "saml-user-property-mapper",
- "oidc-full-name-mapper",
- "oidc-usermodel-attribute-mapper",
- "oidc-sha256-pairwise-sub-mapper",
- "saml-role-list-mapper"
- ]
- }
- }
- ],
- "org.keycloak.keys.KeyProvider": [
- {
- "id": "9681f0d2-cf07-481a-b51b-755824f4c848",
- "name": "hmac-generated",
- "providerId": "hmac-generated",
- "subComponents": {},
- "config": {
- "priority": [
- "100"
- ],
- "algorithm": [
- "HS256"
- ]
- }
- },
- {
- "id": "b7310fea-0031-46be-a62d-bcfc363a6b38",
- "name": "rsa-generated",
- "providerId": "rsa-generated",
- "subComponents": {},
- "config": {
- "priority": [
- "100"
- ]
- }
- },
- {
- "id": "e462b05b-9e22-403c-b715-582c2c7d9d31",
- "name": "aes-generated",
- "providerId": "aes-generated",
- "subComponents": {},
- "config": {
- "priority": [
- "100"
- ]
- }
- }
- ]
- },
- "internationalizationEnabled": false,
- "supportedLocales": [],
- "authenticationFlows": [
- {
- "id": "25cc92da-3b9c-420f-aed4-47fc9a862cf1",
- "alias": "Account verification options",
- "description": "Method with which to verity the existing account",
- "providerId": "basic-flow",
- "topLevel": false,
- "builtIn": true,
- "authenticationExecutions": [
- {
- "authenticator": "idp-email-verification",
- "authenticatorFlow": false,
- "requirement": "ALTERNATIVE",
- "priority": 10,
- "userSetupAllowed": false,
- "autheticatorFlow": false
- },
- {
- "authenticatorFlow": true,
- "requirement": "ALTERNATIVE",
- "priority": 20,
- "flowAlias": "Verify Existing Account by Re-authentication",
- "userSetupAllowed": false,
- "autheticatorFlow": true
- }
- ]
- },
- {
- "id": "9a50d2e9-9b6c-43d4-9e96-5e0057b9989e",
- "alias": "Authentication Options",
- "description": "Authentication options.",
- "providerId": "basic-flow",
- "topLevel": false,
- "builtIn": true,
- "authenticationExecutions": [
- {
- "authenticator": "basic-auth",
- "authenticatorFlow": false,
- "requirement": "REQUIRED",
- "priority": 10,
- "userSetupAllowed": false,
- "autheticatorFlow": false
- },
- {
- "authenticator": "basic-auth-otp",
- "authenticatorFlow": false,
- "requirement": "DISABLED",
- "priority": 20,
- "userSetupAllowed": false,
- "autheticatorFlow": false
- },
- {
- "authenticator": "auth-spnego",
- "authenticatorFlow": false,
- "requirement": "DISABLED",
- "priority": 30,
- "userSetupAllowed": false,
- "autheticatorFlow": false
- }
- ]
- },
- {
- "id": "9c08f7ff-0ae1-4917-acde-a86918c21392",
- "alias": "Browser - Conditional OTP",
- "description": "Flow to determine if the OTP is required for the authentication",
- "providerId": "basic-flow",
- "topLevel": false,
- "builtIn": true,
- "authenticationExecutions": [
- {
- "authenticator": "conditional-user-configured",
- "authenticatorFlow": false,
- "requirement": "REQUIRED",
- "priority": 10,
- "userSetupAllowed": false,
- "autheticatorFlow": false
- },
- {
- "authenticator": "auth-otp-form",
- "authenticatorFlow": false,
- "requirement": "REQUIRED",
- "priority": 20,
- "userSetupAllowed": false,
- "autheticatorFlow": false
- }
- ]
- },
- {
- "id": "cc263684-5287-48c3-b36f-cf0307e5866f",
- "alias": "Direct Grant - Conditional OTP",
- "description": "Flow to determine if the OTP is required for the authentication",
- "providerId": "basic-flow",
- "topLevel": false,
- "builtIn": true,
- "authenticationExecutions": [
- {
- "authenticator": "conditional-user-configured",
- "authenticatorFlow": false,
- "requirement": "REQUIRED",
- "priority": 10,
- "userSetupAllowed": false,
- "autheticatorFlow": false
- },
- {
- "authenticator": "direct-grant-validate-otp",
- "authenticatorFlow": false,
- "requirement": "REQUIRED",
- "priority": 20,
- "userSetupAllowed": false,
- "autheticatorFlow": false
- }
- ]
- },
- {
- "id": "2d1b3b73-d844-48e6-9564-ebb612eb1ecd",
- "alias": "First broker login - Conditional OTP",
- "description": "Flow to determine if the OTP is required for the authentication",
- "providerId": "basic-flow",
- "topLevel": false,
- "builtIn": true,
- "authenticationExecutions": [
- {
- "authenticator": "conditional-user-configured",
- "authenticatorFlow": false,
- "requirement": "REQUIRED",
- "priority": 10,
- "userSetupAllowed": false,
- "autheticatorFlow": false
- },
- {
- "authenticator": "auth-otp-form",
- "authenticatorFlow": false,
- "requirement": "REQUIRED",
- "priority": 20,
- "userSetupAllowed": false,
- "autheticatorFlow": false
- }
- ]
- },
- {
- "id": "05ead699-855a-4a82-a040-93fccf6ddc91",
- "alias": "Handle Existing Account",
- "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider",
- "providerId": "basic-flow",
- "topLevel": false,
- "builtIn": true,
- "authenticationExecutions": [
- {
- "authenticator": "idp-confirm-link",
- "authenticatorFlow": false,
- "requirement": "REQUIRED",
- "priority": 10,
- "userSetupAllowed": false,
- "autheticatorFlow": false
- },
- {
- "authenticatorFlow": true,
- "requirement": "REQUIRED",
- "priority": 20,
- "flowAlias": "Account verification options",
- "userSetupAllowed": false,
- "autheticatorFlow": true
- }
- ]
- },
- {
- "id": "2c0e2ddf-4de7-44ff-8e3c-7d547e6cc52b",
- "alias": "Reset - Conditional OTP",
- "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
- "providerId": "basic-flow",
- "topLevel": false,
- "builtIn": true,
- "authenticationExecutions": [
- {
- "authenticator": "conditional-user-configured",
- "authenticatorFlow": false,
- "requirement": "REQUIRED",
- "priority": 10,
- "userSetupAllowed": false,
- "autheticatorFlow": false
- },
- {
- "authenticator": "reset-otp",
- "authenticatorFlow": false,
- "requirement": "REQUIRED",
- "priority": 20,
- "userSetupAllowed": false,
- "autheticatorFlow": false
- }
- ]
- },
- {
- "id": "9ce700a0-743c-42f9-be51-83e11beb1521",
- "alias": "User creation or linking",
- "description": "Flow for the existing/non-existing user alternatives",
- "providerId": "basic-flow",
- "topLevel": false,
- "builtIn": true,
- "authenticationExecutions": [
- {
- "authenticatorConfig": "create unique user config",
- "authenticator": "idp-create-user-if-unique",
- "authenticatorFlow": false,
- "requirement": "ALTERNATIVE",
- "priority": 10,
- "userSetupAllowed": false,
- "autheticatorFlow": false
- },
- {
- "authenticatorFlow": true,
- "requirement": "ALTERNATIVE",
- "priority": 20,
- "flowAlias": "Handle Existing Account",
- "userSetupAllowed": false,
- "autheticatorFlow": true
- }
- ]
- },
- {
- "id": "f2454788-daaa-4c04-ad4f-b3d686727665",
- "alias": "Verify Existing Account by Re-authentication",
- "description": "Reauthentication of existing account",
- "providerId": "basic-flow",
- "topLevel": false,
- "builtIn": true,
- "authenticationExecutions": [
- {
- "authenticator": "idp-username-password-form",
- "authenticatorFlow": false,
- "requirement": "REQUIRED",
- "priority": 10,
- "userSetupAllowed": false,
- "autheticatorFlow": false
- },
- {
- "authenticatorFlow": true,
- "requirement": "CONDITIONAL",
- "priority": 20,
- "flowAlias": "First broker login - Conditional OTP",
- "userSetupAllowed": false,
- "autheticatorFlow": true
- }
- ]
- },
- {
- "id": "fd57d3fe-8353-4d51-ab6b-531f1b6484d0",
- "alias": "browser",
- "description": "browser based authentication",
- "providerId": "basic-flow",
- "topLevel": true,
- "builtIn": true,
- "authenticationExecutions": [
- {
- "authenticator": "auth-cookie",
- "authenticatorFlow": false,
- "requirement": "ALTERNATIVE",
- "priority": 10,
- "userSetupAllowed": false,
- "autheticatorFlow": false
- },
- {
- "authenticator": "auth-spnego",
- "authenticatorFlow": false,
- "requirement": "DISABLED",
- "priority": 20,
- "userSetupAllowed": false,
- "autheticatorFlow": false
- },
- {
- "authenticator": "identity-provider-redirector",
- "authenticatorFlow": false,
- "requirement": "ALTERNATIVE",
- "priority": 25,
- "userSetupAllowed": false,
- "autheticatorFlow": false
- },
- {
- "authenticatorFlow": true,
- "requirement": "ALTERNATIVE",
- "priority": 30,
- "flowAlias": "forms",
- "userSetupAllowed": false,
- "autheticatorFlow": true
- }
- ]
- },
- {
- "id": "0895ae02-6132-41aa-8e2a-ae7ef8a1a090",
- "alias": "clients",
- "description": "Base authentication for clients",
- "providerId": "client-flow",
- "topLevel": true,
- "builtIn": true,
- "authenticationExecutions": [
- {
- "authenticator": "client-secret",
- "authenticatorFlow": false,
- "requirement": "ALTERNATIVE",
- "priority": 10,
- "userSetupAllowed": false,
- "autheticatorFlow": false
- },
- {
- "authenticator": "client-jwt",
- "authenticatorFlow": false,
- "requirement": "ALTERNATIVE",
- "priority": 20,
- "userSetupAllowed": false,
- "autheticatorFlow": false
- },
- {
- "authenticator": "client-secret-jwt",
- "authenticatorFlow": false,
- "requirement": "ALTERNATIVE",
- "priority": 30,
- "userSetupAllowed": false,
- "autheticatorFlow": false
- },
- {
- "authenticator": "client-x509",
- "authenticatorFlow": false,
- "requirement": "ALTERNATIVE",
- "priority": 40,
- "userSetupAllowed": false,
- "autheticatorFlow": false
- }
- ]
- },
- {
- "id": "f1cd5fb9-4201-4645-a4f7-72e2404f9b5f",
- "alias": "direct grant",
- "description": "OpenID Connect Resource Owner Grant",
- "providerId": "basic-flow",
- "topLevel": true,
- "builtIn": true,
- "authenticationExecutions": [
- {
- "authenticator": "direct-grant-validate-username",
- "authenticatorFlow": false,
- "requirement": "REQUIRED",
- "priority": 10,
- "userSetupAllowed": false,
- "autheticatorFlow": false
- },
- {
- "authenticator": "direct-grant-validate-password",
- "authenticatorFlow": false,
- "requirement": "REQUIRED",
- "priority": 20,
- "userSetupAllowed": false,
- "autheticatorFlow": false
- },
- {
- "authenticatorFlow": true,
- "requirement": "CONDITIONAL",
- "priority": 30,
- "flowAlias": "Direct Grant - Conditional OTP",
- "userSetupAllowed": false,
- "autheticatorFlow": true
- }
- ]
- },
- {
- "id": "34571ce1-2cc9-4ee6-be67-88761c35fb1e",
- "alias": "docker auth",
- "description": "Used by Docker clients to authenticate against the IDP",
- "providerId": "basic-flow",
- "topLevel": true,
- "builtIn": true,
- "authenticationExecutions": [
- {
- "authenticator": "docker-http-basic-authenticator",
- "authenticatorFlow": false,
- "requirement": "REQUIRED",
- "priority": 10,
- "userSetupAllowed": false,
- "autheticatorFlow": false
- }
- ]
- },
- {
- "id": "708e0448-2e55-4e93-8d27-2bcb30fb484e",
- "alias": "first broker login",
- "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
- "providerId": "basic-flow",
- "topLevel": true,
- "builtIn": true,
- "authenticationExecutions": [
- {
- "authenticatorConfig": "review profile config",
- "authenticator": "idp-review-profile",
- "authenticatorFlow": false,
- "requirement": "REQUIRED",
- "priority": 10,
- "userSetupAllowed": false,
- "autheticatorFlow": false
- },
- {
- "authenticatorFlow": true,
- "requirement": "REQUIRED",
- "priority": 20,
- "flowAlias": "User creation or linking",
- "userSetupAllowed": false,
- "autheticatorFlow": true
- }
- ]
- },
- {
- "id": "4e1d40ab-f072-4deb-ba28-3938d306a5e2",
- "alias": "forms",
- "description": "Username, password, otp and other auth forms.",
- "providerId": "basic-flow",
- "topLevel": false,
- "builtIn": true,
- "authenticationExecutions": [
- {
- "authenticator": "auth-username-password-form",
- "authenticatorFlow": false,
- "requirement": "REQUIRED",
- "priority": 10,
- "userSetupAllowed": false,
- "autheticatorFlow": false
- },
- {
- "authenticatorFlow": true,
- "requirement": "CONDITIONAL",
- "priority": 20,
- "flowAlias": "Browser - Conditional OTP",
- "userSetupAllowed": false,
- "autheticatorFlow": true
- }
- ]
- },
- {
- "id": "fad42d83-0a6b-441a-a217-73ea14f7460d",
- "alias": "http challenge",
- "description": "An authentication flow based on challenge-response HTTP Authentication Schemes",
- "providerId": "basic-flow",
- "topLevel": true,
- "builtIn": true,
- "authenticationExecutions": [
- {
- "authenticator": "no-cookie-redirect",
- "authenticatorFlow": false,
- "requirement": "REQUIRED",
- "priority": 10,
- "userSetupAllowed": false,
- "autheticatorFlow": false
- },
- {
- "authenticatorFlow": true,
- "requirement": "REQUIRED",
- "priority": 20,
- "flowAlias": "Authentication Options",
- "userSetupAllowed": false,
- "autheticatorFlow": true
- }
- ]
- },
- {
- "id": "f44f939f-75c5-4080-880b-00ccb4a7496e",
- "alias": "registration",
- "description": "registration flow",
- "providerId": "basic-flow",
- "topLevel": true,
- "builtIn": true,
- "authenticationExecutions": [
- {
- "authenticator": "registration-page-form",
- "authenticatorFlow": true,
- "requirement": "REQUIRED",
- "priority": 10,
- "flowAlias": "registration form",
- "userSetupAllowed": false,
- "autheticatorFlow": true
- }
- ]
- },
- {
- "id": "e7350e5b-1f96-4b34-94ac-0fd465f1d7a9",
- "alias": "registration form",
- "description": "registration form",
- "providerId": "form-flow",
- "topLevel": false,
- "builtIn": true,
- "authenticationExecutions": [
- {
- "authenticator": "registration-user-creation",
- "authenticatorFlow": false,
- "requirement": "REQUIRED",
- "priority": 20,
- "userSetupAllowed": false,
- "autheticatorFlow": false
- },
- {
- "authenticator": "registration-profile-action",
- "authenticatorFlow": false,
- "requirement": "REQUIRED",
- "priority": 40,
- "userSetupAllowed": false,
- "autheticatorFlow": false
- },
- {
- "authenticator": "registration-password-action",
- "authenticatorFlow": false,
- "requirement": "REQUIRED",
- "priority": 50,
- "userSetupAllowed": false,
- "autheticatorFlow": false
- },
- {
- "authenticator": "registration-recaptcha-action",
- "authenticatorFlow": false,
- "requirement": "DISABLED",
- "priority": 60,
- "userSetupAllowed": false,
- "autheticatorFlow": false
- }
- ]
- },
- {
- "id": "34cc3df0-1908-4a02-89df-08560e2a3e6c",
- "alias": "reset credentials",
- "description": "Reset credentials for a user if they forgot their password or something",
- "providerId": "basic-flow",
- "topLevel": true,
- "builtIn": true,
- "authenticationExecutions": [
- {
- "authenticator": "reset-credentials-choose-user",
- "authenticatorFlow": false,
- "requirement": "REQUIRED",
- "priority": 10,
- "userSetupAllowed": false,
- "autheticatorFlow": false
- },
- {
- "authenticator": "reset-credential-email",
- "authenticatorFlow": false,
- "requirement": "REQUIRED",
- "priority": 20,
- "userSetupAllowed": false,
- "autheticatorFlow": false
- },
- {
- "authenticator": "reset-password",
- "authenticatorFlow": false,
- "requirement": "REQUIRED",
- "priority": 30,
- "userSetupAllowed": false,
- "autheticatorFlow": false
- },
- {
- "authenticatorFlow": true,
- "requirement": "CONDITIONAL",
- "priority": 40,
- "flowAlias": "Reset - Conditional OTP",
- "userSetupAllowed": false,
- "autheticatorFlow": true
- }
- ]
- },
- {
- "id": "d92671ab-6873-4eac-863a-becb6cdaa9f4",
- "alias": "saml ecp",
- "description": "SAML ECP Profile Authentication Flow",
- "providerId": "basic-flow",
- "topLevel": true,
- "builtIn": true,
- "authenticationExecutions": [
- {
- "authenticator": "http-basic-authenticator",
- "authenticatorFlow": false,
- "requirement": "REQUIRED",
- "priority": 10,
- "userSetupAllowed": false,
- "autheticatorFlow": false
- }
- ]
- }
- ],
- "authenticatorConfig": [
- {
- "id": "d73bbeaf-a93d-4b97-8c6b-d01b015f2861",
- "alias": "create unique user config",
- "config": {
- "require.password.update.after.registration": "false"
- }
- },
- {
- "id": "a459ffde-e6fc-41d8-9ab8-c7b65b4384c3",
- "alias": "review profile config",
- "config": {
- "update.profile.on.first.login": "missing"
- }
- }
- ],
- "requiredActions": [
- {
- "alias": "CONFIGURE_TOTP",
- "name": "Configure OTP",
- "providerId": "CONFIGURE_TOTP",
- "enabled": true,
- "defaultAction": false,
- "priority": 10,
- "config": {}
- },
- {
- "alias": "terms_and_conditions",
- "name": "Terms and Conditions",
- "providerId": "terms_and_conditions",
- "enabled": false,
- "defaultAction": false,
- "priority": 20,
- "config": {}
- },
- {
- "alias": "UPDATE_PASSWORD",
- "name": "Update Password",
- "providerId": "UPDATE_PASSWORD",
- "enabled": true,
- "defaultAction": false,
- "priority": 30,
- "config": {}
- },
- {
- "alias": "UPDATE_PROFILE",
- "name": "Update Profile",
- "providerId": "UPDATE_PROFILE",
- "enabled": true,
- "defaultAction": false,
- "priority": 40,
- "config": {}
- },
- {
- "alias": "VERIFY_EMAIL",
- "name": "Verify Email",
- "providerId": "VERIFY_EMAIL",
- "enabled": true,
- "defaultAction": false,
- "priority": 50,
- "config": {}
- },
- {
- "alias": "delete_account",
- "name": "Delete Account",
- "providerId": "delete_account",
- "enabled": false,
- "defaultAction": false,
- "priority": 60,
- "config": {}
- },
- {
- "alias": "update_user_locale",
- "name": "Update User Locale",
- "providerId": "update_user_locale",
- "enabled": true,
- "defaultAction": false,
- "priority": 1000,
- "config": {}
- }
- ],
- "browserFlow": "browser",
- "registrationFlow": "registration",
- "directGrantFlow": "direct grant",
- "resetCredentialsFlow": "reset credentials",
- "clientAuthenticationFlow": "clients",
- "dockerAuthenticationFlow": "docker auth",
- "attributes": {
- "cibaBackchannelTokenDeliveryMode": "poll",
- "cibaExpiresIn": "120",
- "cibaAuthRequestedUserHint": "login_hint",
- "oauth2DeviceCodeLifespan": "600",
- "clientOfflineSessionMaxLifespan": "0",
- "oauth2DevicePollingInterval": "5",
- "clientSessionIdleTimeout": "0",
- "clientSessionMaxLifespan": "0",
- "clientOfflineSessionIdleTimeout": "0",
- "cibaInterval": "5"
- },
- "keycloakVersion": "14.0.0",
- "userManagedAccessAllowed": false,
- "clientProfiles": {
- "profiles": []
- },
- "clientPolicies": {
- "policies": []
- }
-}
diff --git a/dev/nginx-with-keycloak.conf b/dev/nginx-with-keycloak.conf
deleted file mode 100644
index 51d76c9..0000000
--- a/dev/nginx-with-keycloak.conf
+++ /dev/null
@@ -1,112 +0,0 @@
-user www-data;
-worker_processes 5;
-error_log /var/log/nginx/error.log;
-
-events {
- worker_connections 4096;
-}
-
-http {
- include mime.types;
- index index.html index.htm;
-
- log_format main '$remote_addr - $remote_user [$time_local] $status '
- '"$request" $body_bytes_sent "$http_referer" '
- '"$http_user_agent" "$http_x_forwarded_for"';
- access_log /var/log/nginx/access.log main;
-
- server {
- listen 80 default_server;
- server_name _;
-
- location / {
- resolver 127.0.0.11 valid=30s;
- set $upstream_catalyst host.docker.internal;
- proxy_pass http://$upstream_catalyst:8000;
- }
-
- location /wss {
- resolver 127.0.0.11 valid=30s;
- set $upstream_catalyst host.docker.internal;
- proxy_pass http://$upstream_catalyst:8000;
-
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_read_timeout 86400;
- }
- }
-
- server {
- listen 8529 default_server;
- server_name _;
-
- location / {
- resolver 127.0.0.11 valid=30s;
- set $upstream_arangodb arangodb;
- proxy_pass http://$upstream_arangodb:8529;
- }
- }
-
- server {
- listen 9000 default_server;
- server_name _;
-
- location / {
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Host $http_host;
-
- proxy_connect_timeout 300;
- # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
- proxy_http_version 1.1;
- proxy_set_header Connection "";
- chunked_transfer_encoding off;
-
- resolver 127.0.0.11 valid=30s;
- set $upstream_minio minio;
- proxy_pass http://$upstream_minio:9000;
- }
- }
-
- server {
- listen 9002 default_server;
- server_name _;
-
- location / {
- resolver 127.0.0.11 valid=30s;
- set $upstream_keycloak keycloak;
- proxy_pass http://$upstream_keycloak:8080;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Port $server_port;
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Forwarded-Server $host;
- }
- }
-
- server {
- listen 9003 default_server;
- server_name _;
-
- location / {
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header Host $http_host;
-
- proxy_connect_timeout 300;
- # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
- proxy_http_version 1.1;
- proxy_set_header Connection "";
- chunked_transfer_encoding off;
-
- resolver 127.0.0.11 valid=30s;
- set $upstream_minio minio;
- proxy_pass http://$upstream_minio:9003;
- }
- }
-}
diff --git a/dev/nginx.conf b/dev/nginx.conf
index 3d7f930..e28e93c 100644
--- a/dev/nginx.conf
+++ b/dev/nginx.conf
@@ -70,6 +70,29 @@ http {
}
}
+ server {
+ listen 8082 default_server;
+ server_name _;
+
+ location / {
+ resolver 127.0.0.11 valid=30s;
+ set $upstream_authelia authelia;
+ proxy_pass http://$upstream_authelia:8082;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $http_host;
+ proxy_set_header X-Forwarded-Uri $request_uri;
+ proxy_set_header X-Forwarded-Ssl on;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+ proxy_cache_bypass $cookie_session;
+ proxy_no_cache $cookie_session;
+ proxy_buffers 64 256k;
+ }
+ }
+
server {
listen 9003 default_server;
server_name _;
diff --git a/dev/start_dev.sh b/dev/start_dev.sh
index 15f3fae..4a09db6 100644
--- a/dev/start_dev.sh
+++ b/dev/start_dev.sh
@@ -1,8 +1,12 @@
+#!/bin/bash
+set -e
+
export SECRET=4ef5b29539b70233dd40c02a1799d25079595565e05a193b09da2c3e60ada1cd
-# export OIDC_ENABLE=true
-export OIDC_ISSUER=http://localhost:9002/auth/realms/catalyst
-export OIDC_CLIENT_SECRET=d3ec0d91-b6ea-482d-8a4e-2f5a7ca0b4cb
+export SIMPLE_AUTH_ENABLE=false
+export OIDC_ENABLE=true
+export OIDC_ISSUER=http://localhost:8082
+export OIDC_CLIENT_SECRET=secret
export ARANGO_DB_HOST=http://localhost:8529
export ARANGO_DB_PASSWORD=foobar
diff --git a/dev/start_dev_with_keycloak.sh b/dev/start_dev_with_keycloak.sh
deleted file mode 100644
index 659fd95..0000000
--- a/dev/start_dev_with_keycloak.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-export SECRET=4ef5b29539b70233dd40c02a1799d25079595565e05a193b09da2c3e60ada1cd
-
-export SIMPLE_AUTH_ENABLE=false
-export OIDC_ENABLE=true
-export OIDC_ISSUER=http://localhost:9002/auth/realms/catalyst
-export OIDC_CLIENT_SECRET=d3ec0d91-b6ea-482d-8a4e-2f5a7ca0b4cb
-
-export ARANGO_DB_HOST=http://localhost:8529
-export ARANGO_DB_PASSWORD=foobar
-export S3_HOST=http://localhost:9000
-export S3_PASSWORD=minio123
-
-export AUTH_BLOCK_NEW=false
-export AUTH_DEFAULT_ROLES=analyst,admin
-
-export EXTERNAL_ADDRESS=http://localhost
-export CATALYST_ADDRESS=http://host.docker.internal
-export INITIAL_API_KEY=d0169af94c40981eb4452a42fae536b6caa9be3a
-
-go run ../cmd/catalyst-dev/*.go
diff --git a/server.go b/server.go
index 4c43e26..c5767f0 100644
--- a/server.go
+++ b/server.go
@@ -2,6 +2,7 @@ package catalyst
import (
"context"
+ "fmt"
"net/http"
"time"
@@ -46,36 +47,36 @@ func New(hooks *hooks.Hooks, config *Config) (*Server, error) {
catalystStorage, err := storage.New(config.Storage)
if err != nil {
- return nil, err
+ return nil, fmt.Errorf("failed to create storage: %w", err)
}
catalystIndex, err := index.New(config.IndexPath)
if err != nil {
- return nil, err
+ return nil, fmt.Errorf("failed to create index: %w", err)
}
catalystBus := bus.New()
catalystDatabase, err := database.New(ctx, catalystIndex, catalystBus, hooks, config.DB)
if err != nil {
- return nil, err
+ return nil, fmt.Errorf("failed to create database: %w", err)
}
busservice.New(config.InternalAddress+"/api", config.Auth.InitialAPIKey, config.Network, catalystBus, catalystDatabase)
catalystService, err := service.New(catalystBus, catalystDatabase, catalystStorage, GetVersion())
if err != nil {
- return nil, err
+ return nil, fmt.Errorf("failed to create service: %w", err)
}
authenticator, err := maut.NewAuthenticator(ctx, config.Auth, newCatalystResolver(catalystDatabase))
if err != nil {
- return nil, err
+ return nil, fmt.Errorf("failed to create authenticator: %w", err)
}
apiServer, err := setupAPI(authenticator, catalystService, catalystStorage, catalystDatabase, config.DB, catalystBus, config)
if err != nil {
- return nil, err
+ return nil, fmt.Errorf("failed to create api server: %w", err)
}
return &Server{
@@ -132,7 +133,6 @@ func fileServer(authenticator *maut.Authenticator, catalystDatabase *database.Da
func backupServer(authenticator *maut.Authenticator, catalystStorage *storage.Storage, catalystDatabase *database.Database, dbConfig *database.Config) *chi.Mux {
server := chi.NewRouter()
- // TODO: add test
server.With(authenticator.AuthorizePermission("backup:create")).Get("/create", backupHandler(catalystStorage, dbConfig))
server.With(authenticator.AuthorizePermission("backup:restore")).Post("/restore", restoreHandler(catalystStorage, catalystDatabase, dbConfig))
diff --git a/test/test.go b/test/test.go
index 8f901c0..f7913fc 100644
--- a/test/test.go
+++ b/test/test.go
@@ -50,7 +50,7 @@ func Config(ctx context.Context) (*catalyst.Config, error) {
SimpleAuthEnable: true,
APIKeyAuthEnable: true,
OIDCAuthEnable: true,
- OIDCIssuer: "http://localhost:9002/auth/realms/catalyst",
+ OIDCIssuer: "http://localhost:8082",
OAuth2: &oauth2.Config{
ClientID: "catalyst",
ClientSecret: "13d4a081-7395-4f71-a911-bc098d8d3c45",
diff --git a/ui/cypress/support/e2e.js b/ui/cypress/support/e2e.js
index f8ea1a3..3e98811 100644
--- a/ui/cypress/support/e2e.js
+++ b/ui/cypress/support/e2e.js
@@ -24,5 +24,11 @@ Cypress.Commands.add('login', (options = {}) => {
cy.get("#username").type("bob");
cy.get("#password").type("bob");
cy.get("#kc-login").click();
+ } else if (Cypress.env('AUTH') === 'authelia') {
+ cy.contains("Login with OIDC").should('be.visible').click();
+ cy.get("#username-textfield").should('be.visible').type("bob");
+ cy.get("#password-textfield").type("bob");
+ cy.get("#sign-in-button").click();
+ cy.get("#accept-button").should('be.visible').click();
}
})
diff --git a/ui/src/views/User.vue b/ui/src/views/User.vue
index 5e2b8e3..3296011 100644
--- a/ui/src/views/User.vue
+++ b/ui/src/views/User.vue
@@ -61,7 +61,7 @@
-
+
{{ role }}