This is an automated email from the ASF dual-hosted git repository.
marat pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-karavan.git
commit acfcf507b7de6819f3dfa3035f1316d881e99c61
Author: Marat Gubaidullin <marat.gubaidul...@gmail.com>
AuthorDate: Tue Sep 13 15:04:56 2022 -0400
Fix #467
---
karavan-app/pom.xml | 4 +
.../org/apache/camel/karavan/api/AuthResource.java | 6 +-
.../apache/camel/karavan/service/AuthService.java | 4 +-
.../src/main/resources/application.properties | 44 +-
karavan-app/src/main/webapp/src/Logo.tsx | 4 +-
karavan-app/src/main/webapp/src/Main.tsx | 52 +-
karavan-app/src/main/webapp/src/MainLogin.tsx | 5 +-
karavan-app/src/main/webapp/src/api/KaravanApi.tsx | 117 +-
karavan-app/src/main/webapp/src/api/SsoApi.tsx | 1 +
karavan-app/src/main/webapp/src/index.css | 12 +
karavan-builder/karavan-realm.json | 1180 +++++++++-----------
karavan-builder/openshift/karavan-app.yaml | 7 +
12 files changed, 711 insertions(+), 725 deletions(-)
diff --git a/karavan-app/pom.xml b/karavan-app/pom.xml
index ba091c3..9de3545 100644
--- a/karavan-app/pom.xml
+++ b/karavan-app/pom.xml
@@ -91,6 +91,10 @@
<groupId>io.quarkus</groupId>
<artifactId>quarkus-oidc</artifactId>
</dependency>
+ <dependency>
+ <groupId>io.quarkus</groupId>
+ <artifactId>quarkus-elytron-security-properties-file</artifactId>
+ </dependency>
<dependency>
<groupId>io.quarkus</groupId>
<artifactId>quarkus-smallrye-health</artifactId>
diff --git
a/karavan-app/src/main/java/org/apache/camel/karavan/api/AuthResource.java
b/karavan-app/src/main/java/org/apache/camel/karavan/api/AuthResource.java
index ce51a63..60300fe 100644
--- a/karavan-app/src/main/java/org/apache/camel/karavan/api/AuthResource.java
+++ b/karavan-app/src/main/java/org/apache/camel/karavan/api/AuthResource.java
@@ -49,10 +49,10 @@ public class AuthResource {
}
@GET
- @Path("/sso")
+ @Path("/auth")
@Produces(MediaType.TEXT_PLAIN)
- public Response sso() throws Exception {
- return Response.ok(authService.isSSO()).build();
+ public Response authType() throws Exception {
+ return Response.ok(authService.authType()).build();
}
@GET
diff --git
a/karavan-app/src/main/java/org/apache/camel/karavan/service/AuthService.java
b/karavan-app/src/main/java/org/apache/camel/karavan/service/AuthService.java
index fb01c99..400e4f4 100644
---
a/karavan-app/src/main/java/org/apache/camel/karavan/service/AuthService.java
+++
b/karavan-app/src/main/java/org/apache/camel/karavan/service/AuthService.java
@@ -62,8 +62,8 @@ public class AuthService {
return auth.equals(basicAuth);
}
- public boolean isSSO() {
- return ConfigProvider.getConfig().getValue("quarkus.oidc.enabled",
Boolean.class);
+ public String authType() {
+ return ConfigProvider.getConfig().getValue("karavan.auth",
String.class);
}
public Map<String, String> getSsoConfig() throws MalformedURLException {
diff --git a/karavan-app/src/main/resources/application.properties
b/karavan-app/src/main/resources/application.properties
index 53eb9ee..4114c1d 100644
--- a/karavan-app/src/main/resources/application.properties
+++ b/karavan-app/src/main/resources/application.properties
@@ -59,17 +59,16 @@ quarkus.infinispan-client.auth-password=password
# Use BASIC as a Docker for Mac workaround
quarkus.infinispan-client.client-intelligence=BASIC
-# SSO
-quarkus.oidc.enabled=true
-quarkus.oidc.auth-server-url=http://localhost:8081/realms/karavan
-quarkus.oidc.client-id=karavan-backend
-quarkus.oidc.credentials.secret=AYiPVbEh2be8vWpV6QRIx3jwPPrGspNJ
-quarkus.oidc.application-type=service
-quarkus.oidc.tls.verification=none
-quarkus.oidc.roles.source=accesstoken
-quarkus.keycloak.devservices.enabled=false
+# Public
+%public.karavan.auth=public
+%public.quarkus.oidc.enabled=false
+%public.quarkus.http.auth.basic=false
+%public.quarkus.security.users.embedded.enabled=false
+%public.quarkus.http.auth.permission.authenticated.enabled=false
+%public.quarkus.http.auth.permission.public.enabled=false
+# Authentication
quarkus.http.auth.permission.authenticated.paths=/api/*
quarkus.http.auth.permission.authenticated.policy=authenticated
@@ -77,6 +76,33 @@
quarkus.http.auth.permission.public.paths=/public/*,/static/*,/*.map,/*.css,/*.j
quarkus.http.auth.permission.public.policy=permit
quarkus.http.auth.permission.public.methods=GET,HEAD,POST
+# SSO Authentication
+%oidc.quarkus.oidc.enabled=true
+%oidc.quarkus.http.auth.basic=false
+%oidc.quarkus.security.users.embedded.enabled=false
+%oidc.quarkus.oidc.auth-server-url=http://localhost:8081/realms/karavan
+%oidc.quarkus.oidc.client-id=karavan-backend
+%oidc.quarkus.oidc.credentials.secret=D1MPIzn8I5RmItgsWGlJJoqzJ7gPPjb1
+%oidc.quarkus.oidc.application-type=service
+%oidc.quarkus.oidc.tls.verification=none
+%oidc.quarkus.oidc.roles.source=accesstoken
+%oidc.quarkus.oidc.authentication.user-info-required=true
+quarkus.keycloak.devservices.enabled=false
+
+# Basic Authentication
+%basic.karavan.auth=basic
+%basic.quarkus.oidc.enabled=false
+%basic.quarkus.http.auth.basic=true
+%basic.quarkus.http.auth.permission.authenticated.enabled=true
+%basic.quarkus.http.auth.permission.public.enabled=true
+%basic.quarkus.security.users.embedded.enabled=true
+%basic.quarkus.kubernetes.env.secrets=karavan
+%basic.quarkus.kubernetes.env.mapping.master-password.from-secret=karavan
+%basic.quarkus.kubernetes.env.mapping.master-password.with-key=master-password
+%basic.quarkus.security.users.embedded.plain-text=true
+%basic.quarkus.security.users.embedded.users.admin=karavan
+%basic.quarkus.security.users.embedded.roles.admin=administrator,developer
+
# Quarkus configuration
quarkus.log.level=INFO
quarkus.banner.enabled=false
diff --git a/karavan-app/src/main/webapp/src/Logo.tsx
b/karavan-app/src/main/webapp/src/Logo.tsx
index b59e932..77e8566 100644
--- a/karavan-app/src/main/webapp/src/Logo.tsx
+++ b/karavan-app/src/main/webapp/src/Logo.tsx
@@ -1,6 +1,6 @@
import React from "react";
-function Icon() {
+function Icon(className?: string) {
return (
<svg
xmlns="http://www.w3.org/2000/svg";
@@ -11,7 +11,7 @@ function Icon() {
preserveAspectRatio="xMidYMid"
version="1.1"
viewBox="0 0 256 256"
- className="logo"
+ className={className ? className : "logo"}
>
<defs id="defs31">
<linearGradient id="linearGradient1351">
diff --git a/karavan-app/src/main/webapp/src/Main.tsx
b/karavan-app/src/main/webapp/src/Main.tsx
index 7ac92a4..166a442 100644
--- a/karavan-app/src/main/webapp/src/Main.tsx
+++ b/karavan-app/src/main/webapp/src/Main.tsx
@@ -77,9 +77,6 @@ interface State {
request: string,
filename: string,
key: string,
- isAuthorized: boolean,
- authType?: 'SSO' | 'Basic',
- me: any,
}
export class Main extends React.Component<Props, State> {
@@ -94,35 +91,41 @@ export class Main extends React.Component<Props, State> {
request: uuidv4(),
openapi: '',
filename: '',
- isAuthorized: false,
key: '',
- me: {}
};
designer = React.createRef();
componentDidMount() {
- KaravanApi.isSSO((sso: any) => {
- const isSSO = (sso === 'true' || sso === true);
- console.log("isSSO", isSSO);
- if (isSSO) {
+ KaravanApi.getAuthType((authType: string) => {
+ console.log("authType", authType);
+ if (authType === 'oidc') {
SsoApi.auth(() => {
KaravanApi.getMe((user: any) => {
console.log("me", user);
- this.setState({authType: 'SSO', me: user,
isAuthorized: true});
this.getData();
});
});
} else {
- this.setState({authType: 'Basic'});
+ this.setState({key: Math.random().toString()})
}
});
- console.log("this.state.isAuthorized", this.state.isAuthorized);
- if (this.state.isAuthorized) {
+ console.log("KaravanApi.isAuthorized", KaravanApi.isAuthorized);
+ if (KaravanApi.isAuthorized || KaravanApi.authType === 'public') {
this.getData();
}
}
+ onLogin = (username: string, password: string) => {
+ KaravanApi.auth(username, password, (res: any) => {
+ if (res?.status === 200) {
+ this.getData();
+ } else {
+ this.toast("Error", "Incorrect username and/or password!",
"danger");
+ }
+ });
+ }
+
getData() {
KaravanApi.getConfiguration((config: any) => {
this.setState({ config: config })
@@ -236,17 +239,6 @@ export class Main extends React.Component<Props, State> {
});
}
- onLogin = (username: string, password: string) => {
- KaravanApi.auth(username, password, (res: any) => {
- if (res?.status === 200) {
- this.setState({isAuthorized: true});
- this.getData();
- } else {
- this.toast("Error", "Incorrect username and/or password!",
"danger");
- }
- });
- }
-
getMain() {
return (
<>
@@ -290,16 +282,14 @@ export class Main extends React.Component<Props, State> {
}
render() {
- const {isAuthorized, authType} = this.state;
return (
<Page className="karavan">
- {authType === undefined && <Bullseye className="loading-page">
- <Spinner className="progress-stepper" isSVG
diameter="80px" aria-label="Loading...">
- {Icon()}
- </Spinner>
+ {KaravanApi.authType === undefined && <Bullseye
className="loading-page">
+ <Spinner className="spinner" isSVG diameter="140px"
aria-label="Loading..." />
+ <div className="logo-placeholder">{Icon()}</div>
</Bullseye>}
- {isAuthorized && this.getMain()}
- {!isAuthorized && authType === 'Basic' && <MainLogin
config={this.state.config} onLogin={this.onLogin}/>}
+ {KaravanApi.isAuthorized && this.getMain()}
+ {!KaravanApi.isAuthorized && KaravanApi.authType === 'basic'
&& <MainLogin config={this.state.config} onLogin={this.onLogin}/>}
{this.state.alerts.map((e: ToastMessage) => (
<Alert key={e.id} className="main-alert"
variant={e.variant} title={e.title}
timeout={e.variant === "success" ? 1000 : 2000}
diff --git a/karavan-app/src/main/webapp/src/MainLogin.tsx
b/karavan-app/src/main/webapp/src/MainLogin.tsx
index 90d7db4..7ec6fe1 100644
--- a/karavan-app/src/main/webapp/src/MainLogin.tsx
+++ b/karavan-app/src/main/webapp/src/MainLogin.tsx
@@ -1,9 +1,6 @@
import React from 'react';
import {
- Bullseye, Card, CardBody, CardFooter, CardTitle,
- LoginForm,
- LoginMainFooterBandItem,
- LoginMainFooterLinksItem, Text
+ Bullseye, Card, CardBody, CardTitle, LoginForm, Text
} from '@patternfly/react-core';
interface Props {
diff --git a/karavan-app/src/main/webapp/src/api/KaravanApi.tsx
b/karavan-app/src/main/webapp/src/api/KaravanApi.tsx
index a322662..b465c04 100644
--- a/karavan-app/src/main/webapp/src/api/KaravanApi.tsx
+++ b/karavan-app/src/main/webapp/src/api/KaravanApi.tsx
@@ -6,41 +6,77 @@ import {SsoApi} from "./SsoApi";
axios.defaults.headers.common['Accept'] = 'application/json';
axios.defaults.headers.common['Content-Type'] = 'application/json';
const instance = axios.create();
-instance.interceptors.request.use(async config => {
- config.headers = {
- 'Authorization': 'Bearer ' + SsoApi.keycloak?.token,
- }
- return config;
- },
- error => {
- Promise.reject(error)
- });
-
-instance.interceptors.response.use((response) => {
- return response
-}, async function (error) {
- const originalRequest = error.config;
- if ((error?.response?.status === 403 || error?.response?.status === 401)
&& !originalRequest._retry) {
- console.log("error", error)
- return SsoApi.keycloak?.updateToken(1).then(refreshed => {
- if (refreshed) {
- console.log('SsoApi', 'Token was successfully refreshed',
SsoApi.keycloak?.token);
- } else {
- console.log('SsoApi', 'Token is still valid');
- }
- originalRequest._retry = true;
- return instance(originalRequest);
- }).catch(reason => {
- console.log('SsoApi', 'Failed to refresh token: ' + reason);
- });
- }
- return Promise.reject(error);
-});
export class KaravanApi {
static me?: any;
- static sso: boolean = false;
+ static basicToken: string = '';
+ static authType: string = '';
+ static isAuthorized: boolean = false;
+
+ static setAuthType(authType: string) {
+ KaravanApi.authType = authType;
+ switch (authType){
+ case "public": {
+ KaravanApi.setPublicAuthentication();
+ break;
+ }
+ case "oidc": {
+ KaravanApi.setOidcAuthentication();
+ break;
+ }
+ case "basic": {
+ KaravanApi.setBasicAuthentication();
+ break;
+ }
+ }
+ }
+ static setPublicAuthentication() {
+
+ }
+ static setBasicAuthentication() {
+ instance.interceptors.request.use(async config => {
+ config.headers = {
+ 'Authorization': 'Basic ' + KaravanApi.basicToken,
+ }
+ return config;
+ },
+ error => {
+ Promise.reject(error)
+ });
+ }
+ static setOidcAuthentication() {
+ instance.interceptors.request.use(async config => {
+ config.headers = {
+ 'Authorization': 'Bearer ' + SsoApi.keycloak?.token,
+ }
+ return config;
+ },
+ error => {
+ Promise.reject(error)
+ });
+
+ instance.interceptors.response.use((response) => {
+ return response
+ }, async function (error) {
+ const originalRequest = error.config;
+ if ((error?.response?.status === 403 || error?.response?.status
=== 401) && !originalRequest._retry) {
+ console.log("error", error)
+ return SsoApi.keycloak?.updateToken(1).then(refreshed => {
+ if (refreshed) {
+ console.log('SsoApi', 'Token was successfully
refreshed', SsoApi.keycloak?.token);
+ } else {
+ console.log('SsoApi', 'Token is still valid');
+ }
+ originalRequest._retry = true;
+ return instance(originalRequest);
+ }).catch(reason => {
+ console.log('SsoApi', 'Failed to refresh token: ' +
reason);
+ });
+ }
+ return Promise.reject(error);
+ });
+ }
static async getConfig(after: (config: {}) => void) {
axios.get('/public/sso-config', {headers: {'Accept':
'application/json'}})
@@ -53,11 +89,11 @@ export class KaravanApi {
});
}
- static async isSSO(after: (config: {}) => void) {
- axios.get('/public/sso', {headers: {'Accept': 'text/plain'}})
+ static async getAuthType(after: (authType: string) => void) {
+ instance.get('/public/auth', {headers: {'Accept': 'text/plain'}})
.then(res => {
if (res.status === 200) {
- KaravanApi.sso = res.data === 'true' || res.data === true
+ KaravanApi.setAuthType(res.data);
after(res.data);
}
}).catch(err => {
@@ -66,14 +102,15 @@ export class KaravanApi {
}
static async auth(username: string, password: string, after: (res: any) =>
void) {
- const token = username + ":" + password;
- const basicAuth = "Basic " + Buffer.from(token).toString('base64');
- axios.post('/public/auth/', "",
- {headers: {Accept: 'application/json', "Content-Type":
'application/json', Authorization: basicAuth}})
+ KaravanApi.basicToken = Buffer.from(username + ":" +
password).toString('base64');
+ instance.get('/api/users/me')
.then(res => {
- after(res);
+ if (res.status === 200) {
+ KaravanApi.isAuthorized = true;
+ after(res);
+ }
}).catch(err => {
- after(err.response);
+ console.log(err);
});
}
diff --git a/karavan-app/src/main/webapp/src/api/SsoApi.tsx
b/karavan-app/src/main/webapp/src/api/SsoApi.tsx
index 321907f..9cf7660 100644
--- a/karavan-app/src/main/webapp/src/api/SsoApi.tsx
+++ b/karavan-app/src/main/webapp/src/api/SsoApi.tsx
@@ -10,6 +10,7 @@ export class SsoApi {
SsoApi.keycloak = new Keycloak({url: config.url, realm: 'karavan',
clientId: 'karavan-frontend'});
SsoApi.keycloak.init({onLoad: 'login-required', flow:
'hybrid'}).then(value => {
console.log('SsoApi', 'User is now authenticated.');
+ KaravanApi.isAuthorized = true;
after();
}).catch(reason => {
console.log('SsoApi', 'Error:', reason);
diff --git a/karavan-app/src/main/webapp/src/index.css
b/karavan-app/src/main/webapp/src/index.css
index fc76799..9ccffd9 100644
--- a/karavan-app/src/main/webapp/src/index.css
+++ b/karavan-app/src/main/webapp/src/index.css
@@ -220,4 +220,16 @@
.karavan .pf-c-code-block__code {
overflow-wrap: anywhere;
+}
+
+.karavan .loading-page .spinner {
+ position: absolute;
+}
+.karavan .loading-page .logo-placeholder {
+ position: absolute;
+ height: 100px;
+}
+
+.karavan .loading-page .logo {
+ height: 100px;
}
\ No newline at end of file
diff --git a/karavan-builder/karavan-realm.json
b/karavan-builder/karavan-realm.json
index 4037a9e..adbe1ba 100644
--- a/karavan-builder/karavan-realm.json
+++ b/karavan-builder/karavan-realm.json
@@ -1,14 +1,12 @@
{
- "id": "6562d57f-3c7a-4566-b8bb-2a38d61cafb5",
+ "id": "b10eee76-0f81-4f2c-8181-274ddaa80c8b",
"realm": "karavan",
- "displayName": "",
- "displayNameHtml": "",
"notBefore": 0,
"defaultSignatureAlgorithm": "RS256",
"revokeRefreshToken": false,
"refreshTokenMaxReuse": 0,
- "accessTokenLifespan": 60,
- "accessTokenLifespanForImplicitFlow": 60,
+ "accessTokenLifespan": 300,
+ "accessTokenLifespanForImplicitFlow": 900,
"ssoSessionIdleTimeout": 1800,
"ssoSessionMaxLifespan": 36000,
"ssoSessionIdleTimeoutRememberMe": 0,
@@ -48,16 +46,7 @@
"roles": {
"realm": [
{
- "id": "80e65103-f756-43cd-80b1-fca046f94c47",
- "name": "developer",
- "description": "",
- "composite": false,
- "clientRole": false,
- "containerId": "6562d57f-3c7a-4566-b8bb-2a38d61cafb5",
- "attributes": {}
- },
- {
- "id": "ba4d0639-c76e-4a88-99b2-b356d71d968e",
+ "id": "64099d9e-260b-424a-a680-e680b659cb82",
"name": "default-roles-karavan",
"description": "${role_default-roles}",
"composite": true,
@@ -74,266 +63,266 @@
}
},
"clientRole": false,
- "containerId": "6562d57f-3c7a-4566-b8bb-2a38d61cafb5",
+ "containerId": "b10eee76-0f81-4f2c-8181-274ddaa80c8b",
+ "attributes": {}
+ },
+ {
+ "id": "37321ab0-6fee-4e5d-966e-c110a0aecd71",
+ "name": "viewer",
+ "description": "",
+ "composite": false,
+ "clientRole": false,
+ "containerId": "b10eee76-0f81-4f2c-8181-274ddaa80c8b",
"attributes": {}
},
{
- "id": "cb1ce68b-2413-4b8a-ab21-3265d570df87",
+ "id": "a4fb5fbf-6c6d-4e7a-8b98-760826d2d6a0",
"name": "uma_authorization",
"description": "${role_uma_authorization}",
"composite": false,
"clientRole": false,
- "containerId": "6562d57f-3c7a-4566-b8bb-2a38d61cafb5",
+ "containerId": "b10eee76-0f81-4f2c-8181-274ddaa80c8b",
"attributes": {}
},
{
- "id": "3a5e8a77-30f6-410e-aaf3-360b14fef368",
+ "id": "f68425a6-4c6d-4f95-829f-2624013ede95",
"name": "administrator",
"description": "",
"composite": false,
"clientRole": false,
- "containerId": "6562d57f-3c7a-4566-b8bb-2a38d61cafb5",
+ "containerId": "b10eee76-0f81-4f2c-8181-274ddaa80c8b",
"attributes": {}
},
{
- "id": "b1892fdc-fccd-4a57-a5b3-6b6c1d9707dc",
- "name": "viewer",
+ "id": "bab2d3de-f5f0-4644-9139-dfd29d7b3869",
+ "name": "developer",
"description": "",
"composite": false,
"clientRole": false,
- "containerId": "6562d57f-3c7a-4566-b8bb-2a38d61cafb5",
+ "containerId": "b10eee76-0f81-4f2c-8181-274ddaa80c8b",
"attributes": {}
},
{
- "id": "35f77d32-b2db-4452-b461-5bf110211f3a",
+ "id": "f5531c1d-df91-4d8b-9271-ae7fc8c9ea82",
"name": "offline_access",
"description": "${role_offline-access}",
"composite": false,
"clientRole": false,
- "containerId": "6562d57f-3c7a-4566-b8bb-2a38d61cafb5",
+ "containerId": "b10eee76-0f81-4f2c-8181-274ddaa80c8b",
"attributes": {}
}
],
"client": {
- "karavan-frontend": [
+ "karavan-frontend": [],
+ "realm-management": [
{
- "id": "02f9488a-520c-4836-b495-5dc126189c50",
- "name": "uma_protection",
+ "id": "2860e147-4d65-420b-8225-57ae98c0bd22",
+ "name": "view-events",
+ "description": "${role_view-events}",
"composite": false,
"clientRole": true,
- "containerId": "8ea85c96-3fbe-4c02-8b00-43a4366f5957",
+ "containerId": "12571e88-50f6-4a71-b125-620142240fdf",
"attributes": {}
- }
- ],
- "realm-management": [
+ },
{
- "id": "52b6add0-977e-4d48-bb3f-5655907ef286",
- "name": "query-realms",
- "description": "${role_query-realms}",
+ "id": "203ac16f-64b2-45c9-8181-a744fade2341",
+ "name": "view-authorization",
+ "description": "${role_view-authorization}",
"composite": false,
"clientRole": true,
- "containerId": "0d896239-dee9-4172-a0a5-1950ab32b4ad",
+ "containerId": "12571e88-50f6-4a71-b125-620142240fdf",
"attributes": {}
},
{
- "id": "e7fb1fae-f15a-4cfa-9ae2-bf137f4a6082",
- "name": "manage-clients",
- "description": "${role_manage-clients}",
+ "id": "ba662372-5eb7-43c7-a25e-60fbb33c9525",
+ "name": "manage-authorization",
+ "description": "${role_manage-authorization}",
"composite": false,
"clientRole": true,
- "containerId": "0d896239-dee9-4172-a0a5-1950ab32b4ad",
+ "containerId": "12571e88-50f6-4a71-b125-620142240fdf",
"attributes": {}
},
{
- "id": "ffd7fe66-74a4-4312-ad2e-e6e72ac1f449",
- "name": "view-realm",
- "description": "${role_view-realm}",
+ "id": "7f9c468b-499c-4b33-8b22-2d6287277abe",
+ "name": "query-groups",
+ "description": "${role_query-groups}",
"composite": false,
"clientRole": true,
- "containerId": "0d896239-dee9-4172-a0a5-1950ab32b4ad",
+ "containerId": "12571e88-50f6-4a71-b125-620142240fdf",
"attributes": {}
},
{
- "id": "259c11f9-ab17-4dff-8160-3a200af8f508",
- "name": "manage-events",
- "description": "${role_manage-events}",
- "composite": false,
+ "id": "e6a7ae2c-54ae-4cec-8fc3-195f62b3d022",
+ "name": "view-clients",
+ "description": "${role_view-clients}",
+ "composite": true,
+ "composites": {
+ "client": {
+ "realm-management": [
+ "query-clients"
+ ]
+ }
+ },
"clientRole": true,
- "containerId": "0d896239-dee9-4172-a0a5-1950ab32b4ad",
+ "containerId": "12571e88-50f6-4a71-b125-620142240fdf",
"attributes": {}
},
{
- "id": "cc99614f-c4b0-47a1-98e0-4bd8ab7067ab",
- "name": "manage-users",
- "description": "${role_manage-users}",
+ "id": "1bf07b12-48ac-49b4-8aa3-b09d8b27b77c",
+ "name": "create-client",
+ "description": "${role_create-client}",
"composite": false,
"clientRole": true,
- "containerId": "0d896239-dee9-4172-a0a5-1950ab32b4ad",
+ "containerId": "12571e88-50f6-4a71-b125-620142240fdf",
"attributes": {}
},
{
- "id": "08956ca5-35a8-47a5-9fb5-62ed5bab8e01",
- "name": "query-clients",
- "description": "${role_query-clients}",
+ "id": "30637d4b-42cc-455d-adf5-0b093870267a",
+ "name": "manage-events",
+ "description": "${role_manage-events}",
"composite": false,
"clientRole": true,
- "containerId": "0d896239-dee9-4172-a0a5-1950ab32b4ad",
+ "containerId": "12571e88-50f6-4a71-b125-620142240fdf",
"attributes": {}
},
{
- "id": "0f59a971-8faf-4d82-87b5-665a41e4da08",
+ "id": "c24fc151-93ed-40d5-af34-a9ee0cce8a52",
"name": "manage-realm",
"description": "${role_manage-realm}",
"composite": false,
"clientRole": true,
- "containerId": "0d896239-dee9-4172-a0a5-1950ab32b4ad",
+ "containerId": "12571e88-50f6-4a71-b125-620142240fdf",
"attributes": {}
},
{
- "id": "dd499754-95e2-49a3-89b2-1762e81bd06b",
- "name": "view-clients",
- "description": "${role_view-clients}",
- "composite": true,
- "composites": {
- "client": {
- "realm-management": [
- "query-clients"
- ]
- }
- },
+ "id": "6f4cf510-bcb1-4438-8fec-9bc4f0c2e987",
+ "name": "view-realm",
+ "description": "${role_view-realm}",
+ "composite": false,
"clientRole": true,
- "containerId": "0d896239-dee9-4172-a0a5-1950ab32b4ad",
+ "containerId": "12571e88-50f6-4a71-b125-620142240fdf",
"attributes": {}
},
{
- "id": "5d141367-4900-406c-a3d7-6486e99b4633",
- "name": "query-groups",
- "description": "${role_query-groups}",
+ "id": "43228d2d-0759-46de-9d83-6f7c51eac730",
+ "name": "manage-users",
+ "description": "${role_manage-users}",
"composite": false,
"clientRole": true,
- "containerId": "0d896239-dee9-4172-a0a5-1950ab32b4ad",
+ "containerId": "12571e88-50f6-4a71-b125-620142240fdf",
"attributes": {}
},
{
- "id": "7d1ed1e2-54bc-4cc5-96b5-8f27e175864d",
- "name": "view-events",
- "description": "${role_view-events}",
+ "id": "64b3c9d4-2d6f-4eba-9a24-a85a5d77f803",
+ "name": "query-clients",
+ "description": "${role_query-clients}",
"composite": false,
"clientRole": true,
- "containerId": "0d896239-dee9-4172-a0a5-1950ab32b4ad",
+ "containerId": "12571e88-50f6-4a71-b125-620142240fdf",
"attributes": {}
},
{
- "id": "a01dc9ec-f547-4a2a-a0b4-33c842693071",
- "name": "manage-authorization",
- "description": "${role_manage-authorization}",
+ "id": "56adfdbd-5410-4389-b5c2-1f8a7059030d",
+ "name": "query-users",
+ "description": "${role_query-users}",
"composite": false,
"clientRole": true,
- "containerId": "0d896239-dee9-4172-a0a5-1950ab32b4ad",
+ "containerId": "12571e88-50f6-4a71-b125-620142240fdf",
"attributes": {}
},
{
- "id": "e8e9ce47-9fed-4b34-b336-35771c6ae89c",
+ "id": "cc834940-6a20-4c8f-9af8-575561299f23",
"name": "impersonation",
"description": "${role_impersonation}",
"composite": false,
"clientRole": true,
- "containerId": "0d896239-dee9-4172-a0a5-1950ab32b4ad",
- "attributes": {}
- },
- {
- "id": "b3982c35-e635-4fee-ba87-23d973aaf5a7",
- "name": "view-authorization",
- "description": "${role_view-authorization}",
- "composite": false,
- "clientRole": true,
- "containerId": "0d896239-dee9-4172-a0a5-1950ab32b4ad",
+ "containerId": "12571e88-50f6-4a71-b125-620142240fdf",
"attributes": {}
},
{
- "id": "1bcadccb-cb90-4a77-b220-16ad5e701d7e",
- "name": "view-identity-providers",
- "description": "${role_view-identity-providers}",
+ "id": "fd837030-ac8a-4608-9e26-6a73bc505c83",
+ "name": "manage-clients",
+ "description": "${role_manage-clients}",
"composite": false,
"clientRole": true,
- "containerId": "0d896239-dee9-4172-a0a5-1950ab32b4ad",
+ "containerId": "12571e88-50f6-4a71-b125-620142240fdf",
"attributes": {}
},
{
- "id": "4e0038b6-a8c2-4f1b-bea6-bf2afa4b707e",
- "name": "realm-admin",
- "description": "${role_realm-admin}",
+ "id": "6a17c0e3-55ee-4d98-83ac-3b2704e52c4e",
+ "name": "view-users",
+ "description": "${role_view-users}",
"composite": true,
"composites": {
"client": {
"realm-management": [
- "query-realms",
- "manage-clients",
- "view-realm",
- "manage-events",
- "manage-users",
- "query-clients",
- "manage-realm",
- "view-clients",
- "query-groups",
- "view-events",
- "manage-authorization",
- "impersonation",
- "view-identity-providers",
- "view-authorization",
- "view-users",
- "create-client",
"query-users",
- "manage-identity-providers"
+ "query-groups"
]
}
},
"clientRole": true,
- "containerId": "0d896239-dee9-4172-a0a5-1950ab32b4ad",
+ "containerId": "12571e88-50f6-4a71-b125-620142240fdf",
"attributes": {}
},
{
- "id": "c8d748c8-5864-47bd-9141-7f6a23034ac6",
- "name": "view-users",
- "description": "${role_view-users}",
+ "id": "58fd2124-2d3a-40b6-9ece-b9bfa85b39ce",
+ "name": "query-realms",
+ "description": "${role_query-realms}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "12571e88-50f6-4a71-b125-620142240fdf",
+ "attributes": {}
+ },
+ {
+ "id": "bf3c1809-138d-4698-9e20-fe962c65a6d8",
+ "name": "realm-admin",
+ "description": "${role_realm-admin}",
"composite": true,
"composites": {
"client": {
"realm-management": [
+ "view-events",
+ "view-authorization",
+ "query-groups",
+ "manage-authorization",
+ "view-clients",
+ "create-client",
+ "manage-events",
+ "view-realm",
+ "manage-realm",
+ "manage-users",
+ "query-clients",
"query-users",
- "query-groups"
+ "impersonation",
+ "view-users",
+ "manage-clients",
+ "query-realms",
+ "manage-identity-providers",
+ "view-identity-providers"
]
}
},
"clientRole": true,
- "containerId": "0d896239-dee9-4172-a0a5-1950ab32b4ad",
- "attributes": {}
- },
- {
- "id": "ffcab42b-5126-4d8a-b283-1a96338b4a41",
- "name": "create-client",
- "description": "${role_create-client}",
- "composite": false,
- "clientRole": true,
- "containerId": "0d896239-dee9-4172-a0a5-1950ab32b4ad",
+ "containerId": "12571e88-50f6-4a71-b125-620142240fdf",
"attributes": {}
},
{
- "id": "243d0070-c70d-4084-96d2-ea07541530fe",
- "name": "query-users",
- "description": "${role_query-users}",
+ "id": "2e986336-cd43-42db-b5eb-360c39154328",
+ "name": "manage-identity-providers",
+ "description": "${role_manage-identity-providers}",
"composite": false,
"clientRole": true,
- "containerId": "0d896239-dee9-4172-a0a5-1950ab32b4ad",
+ "containerId": "12571e88-50f6-4a71-b125-620142240fdf",
"attributes": {}
},
{
- "id": "0f5f4fe1-195e-4384-bb60-ed8dd4ced405",
- "name": "manage-identity-providers",
- "description": "${role_manage-identity-providers}",
+ "id": "2562f4c6-d2b0-4f57-9ca6-76a15d8bed03",
+ "name": "view-identity-providers",
+ "description": "${role_view-identity-providers}",
"composite": false,
"clientRole": true,
- "containerId": "0d896239-dee9-4172-a0a5-1950ab32b4ad",
+ "containerId": "12571e88-50f6-4a71-b125-620142240fdf",
"attributes": {}
}
],
@@ -343,91 +332,91 @@
"account-console": [],
"broker": [
{
- "id": "ab741448-d3e6-45a9-ba2d-ac1502b19631",
+ "id": "09b6e4de-e952-44a2-a859-f412cf901a64",
"name": "read-token",
"description": "${role_read-token}",
"composite": false,
"clientRole": true,
- "containerId": "37133f55-003d-4397-ad82-f5f4b7f56467",
+ "containerId": "5d1e2f07-3b9e-4990-97a3-07e808094c0f",
"attributes": {}
}
],
"account": [
{
- "id": "9dc76c56-2c0b-4867-a5f0-5d299d889a77",
- "name": "manage-consent",
- "description": "${role_manage-consent}",
+ "id": "4df65132-d8d8-4eb3-a846-5e09c2ef5be2",
+ "name": "view-profile",
+ "description": "${role_view-profile}",
+ "composite": false,
+ "clientRole": true,
+ "containerId": "ca11e1e4-6e95-40db-ba39-074ddbf1480e",
+ "attributes": {}
+ },
+ {
+ "id": "1368a981-138f-453e-a842-dfa37703ca96",
+ "name": "manage-account",
+ "description": "${role_manage-account}",
"composite": true,
"composites": {
"client": {
"account": [
- "view-consent"
+ "manage-account-links"
]
}
},
"clientRole": true,
- "containerId": "c6f5cc82-8ad4-4e91-a71f-6fc2c1b836f0",
+ "containerId": "ca11e1e4-6e95-40db-ba39-074ddbf1480e",
"attributes": {}
},
{
- "id": "8a1a8a57-7d0d-4f48-84c2-12e25070bf8c",
- "name": "view-profile",
- "description": "${role_view-profile}",
+ "id": "037b2b5a-1039-47f0-a87f-4584702f038e",
+ "name": "manage-account-links",
+ "description": "${role_manage-account-links}",
"composite": false,
"clientRole": true,
- "containerId": "c6f5cc82-8ad4-4e91-a71f-6fc2c1b836f0",
+ "containerId": "ca11e1e4-6e95-40db-ba39-074ddbf1480e",
"attributes": {}
},
{
- "id": "2777d407-4e74-431f-b1e7-dc537c4696dd",
+ "id": "57e97082-d1fb-4782-a6c2-e371ab63909a",
"name": "view-consent",
"description": "${role_view-consent}",
"composite": false,
"clientRole": true,
- "containerId": "c6f5cc82-8ad4-4e91-a71f-6fc2c1b836f0",
+ "containerId": "ca11e1e4-6e95-40db-ba39-074ddbf1480e",
"attributes": {}
},
{
- "id": "55484d01-01e2-4579-b434-e6b7992af7d8",
- "name": "view-applications",
- "description": "${role_view-applications}",
+ "id": "e7978d81-f43a-4f24-bcc7-8368c89e53d3",
+ "name": "delete-account",
+ "description": "${role_delete-account}",
"composite": false,
"clientRole": true,
- "containerId": "c6f5cc82-8ad4-4e91-a71f-6fc2c1b836f0",
+ "containerId": "ca11e1e4-6e95-40db-ba39-074ddbf1480e",
"attributes": {}
},
{
- "id": "88511016-8fe9-46ab-9a00-880e8afcd11e",
- "name": "delete-account",
- "description": "${role_delete-account}",
+ "id": "2ac53cec-4e99-457c-997e-947b973fe5e7",
+ "name": "view-applications",
+ "description": "${role_view-applications}",
"composite": false,
"clientRole": true,
- "containerId": "c6f5cc82-8ad4-4e91-a71f-6fc2c1b836f0",
+ "containerId": "ca11e1e4-6e95-40db-ba39-074ddbf1480e",
"attributes": {}
},
{
- "id": "2bfb99b4-a3bb-44ec-9368-cd743c6e6736",
- "name": "manage-account",
- "description": "${role_manage-account}",
+ "id": "214bd5dd-d598-4607-93b0-f9c801989995",
+ "name": "manage-consent",
+ "description": "${role_manage-consent}",
"composite": true,
"composites": {
"client": {
"account": [
- "manage-account-links"
+ "view-consent"
]
}
},
"clientRole": true,
- "containerId": "c6f5cc82-8ad4-4e91-a71f-6fc2c1b836f0",
- "attributes": {}
- },
- {
- "id": "baa20014-1019-4ea2-9f5a-0aaa9ad387b5",
- "name": "manage-account-links",
- "description": "${role_manage-account-links}",
- "composite": false,
- "clientRole": true,
- "containerId": "c6f5cc82-8ad4-4e91-a71f-6fc2c1b836f0",
+ "containerId": "ca11e1e4-6e95-40db-ba39-074ddbf1480e",
"attributes": {}
}
]
@@ -435,7 +424,7 @@
},
"groups": [
{
- "id": "4d80db18-4945-4128-9b45-27f6f8b1bd09",
+ "id": "52129cde-dc69-43f8-9488-a81e69dd0183",
"name": "administrators",
"path": "/administrators",
"attributes": {},
@@ -446,7 +435,7 @@
"subGroups": []
},
{
- "id": "c22cf3c5-9bb0-4f50-b5b5-2dceeacbc001",
+ "id": "65c5cc91-bcb0-4286-a21b-0810929fa209",
"name": "developers",
"path": "/developers",
"attributes": {},
@@ -457,7 +446,7 @@
"subGroups": []
},
{
- "id": "e657b3af-973b-489e-84b2-43ebd892004f",
+ "id": "82fb26da-6220-4c7b-85dc-07e09d5bd1e8",
"name": "viewers",
"path": "/viewers",
"attributes": {},
@@ -469,12 +458,12 @@
}
],
"defaultRole": {
- "id": "ba4d0639-c76e-4a88-99b2-b356d71d968e",
+ "id": "64099d9e-260b-424a-a680-e680b659cb82",
"name": "default-roles-karavan",
"description": "${role_default-roles}",
"composite": true,
"clientRole": false,
- "containerId": "6562d57f-3c7a-4566-b8bb-2a38d61cafb5"
+ "containerId": "b10eee76-0f81-4f2c-8181-274ddaa80c8b"
},
"requiredCredentials": [
"password"
@@ -519,14 +508,6 @@
"roles": [
"offline_access"
]
- },
- {
- "clientScope": "roles",
- "roles": [
- "viewer",
- "administrator",
- "developer"
- ]
}
],
"clientScopeMappings": {
@@ -541,7 +522,7 @@
},
"clients": [
{
- "id": "c6f5cc82-8ad4-4e91-a71f-6fc2c1b836f0",
+ "id": "ca11e1e4-6e95-40db-ba39-074ddbf1480e",
"clientId": "account",
"name": "${client_account}",
"rootUrl": "${authBaseUrl}",
@@ -573,8 +554,8 @@
"defaultClientScopes": [
"web-origins",
"acr",
- "profile",
"roles",
+ "profile",
"email"
],
"optionalClientScopes": [
@@ -585,7 +566,7 @@
]
},
{
- "id": "0df3fbc3-7bf8-4170-8d77-704956948ccd",
+ "id": "ad3f42ef-afc4-41e8-8b19-a91940d04288",
"clientId": "account-console",
"name": "${client_account-console}",
"rootUrl": "${authBaseUrl}",
@@ -617,7 +598,7 @@
"nodeReRegistrationTimeout": 0,
"protocolMappers": [
{
- "id": "9fa808dc-9d16-44bf-ae2b-3d130e1419d8",
+ "id": "041142dc-8cbe-42b5-bf43-e43bb743f2a4",
"name": "audience resolve",
"protocol": "openid-connect",
"protocolMapper": "oidc-audience-resolve-mapper",
@@ -628,8 +609,8 @@
"defaultClientScopes": [
"web-origins",
"acr",
- "profile",
"roles",
+ "profile",
"email"
],
"optionalClientScopes": [
@@ -640,7 +621,7 @@
]
},
{
- "id": "cd5e1900-6a4d-4a18-925b-06860c64f374",
+ "id": "188d8f7e-9fa4-4a14-b535-52884817b65e",
"clientId": "admin-cli",
"name": "${client_admin-cli}",
"surrogateAuthRequired": false,
@@ -666,8 +647,8 @@
"defaultClientScopes": [
"web-origins",
"acr",
- "profile",
"roles",
+ "profile",
"email"
],
"optionalClientScopes": [
@@ -678,7 +659,7 @@
]
},
{
- "id": "37133f55-003d-4397-ad82-f5f4b7f56467",
+ "id": "5d1e2f07-3b9e-4990-97a3-07e808094c0f",
"clientId": "broker",
"name": "${client_broker}",
"surrogateAuthRequired": false,
@@ -704,8 +685,8 @@
"defaultClientScopes": [
"web-origins",
"acr",
- "profile",
"roles",
+ "profile",
"email"
],
"optionalClientScopes": [
@@ -716,7 +697,7 @@
]
},
{
- "id": "4a667224-8418-4877-a4e4-d3362b994b6a",
+ "id": "5bee4d24-d059-4f5d-9544-0b45bbbb30c0",
"clientId": "karavan-backend",
"name": "karavan-backend",
"description": "",
@@ -725,7 +706,7 @@
"baseUrl": "http://localhost:8080";,
"surrogateAuthRequired": false,
"enabled": true,
- "alwaysDisplayInConsole": false,
+ "alwaysDisplayInConsole": true,
"clientAuthenticatorType": "client-secret",
"secret": "**********",
"redirectUris": [
@@ -738,7 +719,7 @@
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
- "implicitFlowEnabled": false,
+ "implicitFlowEnabled": true,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": false,
"publicClient": false,
@@ -746,8 +727,9 @@
"protocol": "openid-connect",
"attributes": {
"oidc.ciba.grant.enabled": "false",
- "client.secret.creation.time": "1662565636",
+ "client.secret.creation.time": "1663013323",
"backchannel.logout.session.required": "true",
+ "post.logout.redirect.uris": "+",
"display.on.consent.screen": "false",
"oauth2.device.authorization.grant.enabled": "false",
"backchannel.logout.revoke.offline.tokens": "false"
@@ -758,8 +740,8 @@
"defaultClientScopes": [
"web-origins",
"acr",
- "profile",
"roles",
+ "profile",
"email"
],
"optionalClientScopes": [
@@ -770,7 +752,7 @@
]
},
{
- "id": "8ea85c96-3fbe-4c02-8b00-43a4366f5957",
+ "id": "0eb6c71c-a4c3-45bd-a33e-af92a30d665f",
"clientId": "karavan-frontend",
"name": "karavan-frontend",
"description": "",
@@ -782,8 +764,7 @@
"alwaysDisplayInConsole": true,
"clientAuthenticatorType": "client-secret",
"redirectUris": [
- "http://localhost:8080/*";,
- "http://localhost:8080";
+ "http://localhost:8080/*";
],
"webOrigins": [
"*"
@@ -799,71 +780,21 @@
"frontchannelLogout": true,
"protocol": "openid-connect",
"attributes": {
- "client.secret.creation.time": "1662491799",
- "oauth2.device.authorization.grant.enabled": "false",
- "backchannel.logout.revoke.offline.tokens": "false",
- "use.refresh.tokens": "true",
- "tls-client-certificate-bound-access-tokens": "false",
"oidc.ciba.grant.enabled": "false",
"backchannel.logout.session.required": "true",
- "client_credentials.use_refresh_token": "false",
- "acr.loa.map": "{}",
- "require.pushed.authorization.requests": "false",
+ "post.logout.redirect.uris": "+",
"display.on.consent.screen": "false",
- "token.response.type.bearer.lower-case": "false"
+ "oauth2.device.authorization.grant.enabled": "false",
+ "backchannel.logout.revoke.offline.tokens": "false"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
- "protocolMappers": [
- {
- "id": "7fd86114-d7c8-44f3-85e8-6521f427a8cf",
- "name": "Client Host",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usersessionmodel-note-mapper",
- "consentRequired": false,
- "config": {
- "user.session.note": "clientHost",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "clientHost",
- "jsonType.label": "String"
- }
- },
- {
- "id": "46199aae-a84d-429f-a3dd-f60a0189f672",
- "name": "Client ID",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usersessionmodel-note-mapper",
- "consentRequired": false,
- "config": {
- "user.session.note": "clientId",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "clientId",
- "jsonType.label": "String"
- }
- },
- {
- "id": "06273632-b6f4-4931-933c-f7f86a5e9e2c",
- "name": "Client IP Address",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usersessionmodel-note-mapper",
- "consentRequired": false,
- "config": {
- "user.session.note": "clientAddress",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "clientAddress",
- "jsonType.label": "String"
- }
- }
- ],
"defaultClientScopes": [
"web-origins",
"acr",
- "profile",
"roles",
+ "profile",
"email"
],
"optionalClientScopes": [
@@ -874,7 +805,7 @@
]
},
{
- "id": "0d896239-dee9-4172-a0a5-1950ab32b4ad",
+ "id": "12571e88-50f6-4a71-b125-620142240fdf",
"clientId": "realm-management",
"name": "${client_realm-management}",
"surrogateAuthRequired": false,
@@ -900,8 +831,8 @@
"defaultClientScopes": [
"web-origins",
"acr",
- "profile",
"roles",
+ "profile",
"email"
],
"optionalClientScopes": [
@@ -912,7 +843,7 @@
]
},
{
- "id": "2cb7dddf-ca0b-4d0b-98ea-18085c061206",
+ "id": "627b059f-d23d-475a-8ac1-34f35f5a3653",
"clientId": "security-admin-console",
"name": "${client_security-admin-console}",
"rootUrl": "${authAdminUrl}",
@@ -946,7 +877,7 @@
"nodeReRegistrationTimeout": 0,
"protocolMappers": [
{
- "id": "7697e393-836b-4e4c-9c87-0bfafc6d3345",
+ "id": "21c4a7aa-cb25-4bd6-8517-3d5eaf26870a",
"name": "locale",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
@@ -964,8 +895,8 @@
"defaultClientScopes": [
"web-origins",
"acr",
- "profile",
"roles",
+ "profile",
"email"
],
"optionalClientScopes": [
@@ -978,242 +909,319 @@
],
"clientScopes": [
{
- "id": "dd806da8-202e-4634-a3d4-51546e23cd03",
- "name": "address",
- "description": "OpenID Connect built-in scope: address",
+ "id": "a113c0b8-bc1e-4ab0-b36a-614f8767573d",
+ "name": "email",
+ "description": "OpenID Connect built-in scope: email",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true",
- "consent.screen.text": "${addressScopeConsentText}"
+ "consent.screen.text": "${emailScopeConsentText}"
},
"protocolMappers": [
{
- "id": "44ea8214-88c3-4c01-94a7-449f2b1b5f97",
- "name": "address",
+ "id": "f0d933c3-8a61-4c45-8021-dd2ecd2656cc",
+ "name": "email verified",
"protocol": "openid-connect",
- "protocolMapper": "oidc-address-mapper",
+ "protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
"config": {
- "user.attribute.formatted": "formatted",
- "user.attribute.country": "country",
- "user.attribute.postal_code": "postal_code",
"userinfo.token.claim": "true",
- "user.attribute.street": "street",
+ "user.attribute": "emailVerified",
"id.token.claim": "true",
- "user.attribute.region": "region",
"access.token.claim": "true",
- "user.attribute.locality": "locality"
+ "claim.name": "email_verified",
+ "jsonType.label": "boolean"
}
- }
- ]
- },
- {
- "id": "c7bc8212-7604-485d-a764-57b35d5393ab",
- "name": "offline_access",
- "description": "OpenID Connect built-in scope: offline_access",
- "protocol": "openid-connect",
- "attributes": {
- "consent.screen.text": "${offlineAccessScopeConsentText}",
- "display.on.consent.screen": "true"
- }
- },
- {
- "id": "dd49f4b3-7a6d-4ddb-83d0-7c1e113596d2",
- "name": "web-origins",
- "description": "OpenID Connect scope for add allowed web origins to the
access token",
- "protocol": "openid-connect",
- "attributes": {
- "include.in.token.scope": "false",
- "display.on.consent.screen": "false",
- "consent.screen.text": ""
- },
- "protocolMappers": [
+ },
{
- "id": "aea5ed66-c89b-46ce-ae1c-740f23029f11",
- "name": "allowed web origins",
+ "id": "dbebdc1c-173b-4c04-8875-bc3ff8a13422",
+ "name": "email",
"protocol": "openid-connect",
- "protocolMapper": "oidc-allowed-origins-mapper",
+ "protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
- "config": {}
+ "config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "email",
+ "id.token.claim": "true",
+ "access.token.claim": "true",
+ "claim.name": "email",
+ "jsonType.label": "String"
+ }
}
]
},
{
- "id": "ace6f66a-6aec-43ef-92ce-e37a2efafce6",
- "name": "microprofile-jwt",
- "description": "Microprofile - JWT built-in scope",
+ "id": "802cd886-e8bf-4e82-aee3-006e20036e9d",
+ "name": "phone",
+ "description": "OpenID Connect built-in scope: phone",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
- "display.on.consent.screen": "false"
+ "display.on.consent.screen": "true",
+ "consent.screen.text": "${phoneScopeConsentText}"
},
"protocolMappers": [
{
- "id": "ddf30129-fd95-49c1-8b6d-436b4fb4eab3",
- "name": "upn",
+ "id": "3789ae87-00fd-4ce1-8d1b-7d23b620d433",
+ "name": "phone number",
"protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-property-mapper",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
- "user.attribute": "username",
+ "user.attribute": "phoneNumber",
"id.token.claim": "true",
"access.token.claim": "true",
- "claim.name": "upn",
+ "claim.name": "phone_number",
"jsonType.label": "String"
}
},
{
- "id": "8df62edc-1000-49b9-99de-47832487443a",
- "name": "groups",
+ "id": "b43576e5-3246-449c-8ff6-6a79a4c700a5",
+ "name": "phone number verified",
"protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-realm-role-mapper",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
- "multivalued": "true",
- "user.attribute": "foo",
+ "userinfo.token.claim": "true",
+ "user.attribute": "phoneNumberVerified",
"id.token.claim": "true",
"access.token.claim": "true",
- "claim.name": "groups",
- "jsonType.label": "String"
+ "claim.name": "phone_number_verified",
+ "jsonType.label": "boolean"
}
}
]
},
{
- "id": "95f701eb-c024-42dd-84d8-023cc48f41ce",
- "name": "profile",
- "description": "OpenID Connect built-in scope: profile",
+ "id": "cd5769c2-0ca4-4c86-b749-f3f289fcf7a9",
+ "name": "acr",
+ "description": "OpenID Connect scope for add acr (authentication context
class reference) to the token",
"protocol": "openid-connect",
"attributes": {
- "include.in.token.scope": "true",
- "display.on.consent.screen": "true",
- "consent.screen.text": "${profileScopeConsentText}"
+ "include.in.token.scope": "false",
+ "display.on.consent.screen": "false"
},
"protocolMappers": [
{
- "id": "b2c3017f-f732-4a5f-85fb-e00015e318ff",
- "name": "middle name",
+ "id": "1bde4c85-116c-4820-a8f3-03aaab00f453",
+ "name": "acr loa level",
"protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "protocolMapper": "oidc-acr-mapper",
"consentRequired": false,
"config": {
- "userinfo.token.claim": "true",
- "user.attribute": "middleName",
"id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "middle_name",
- "jsonType.label": "String"
+ "access.token.claim": "true"
}
- },
+ }
+ ]
+ },
+ {
+ "id": "ac7d53ef-8387-4d60-9fdf-30fc4fe4ae9b",
+ "name": "roles",
+ "description": "OpenID Connect scope for add user roles to the access
token",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "false",
+ "display.on.consent.screen": "true",
+ "consent.screen.text": "${rolesScopeConsentText}"
+ },
+ "protocolMappers": [
{
- "id": "92399b90-4045-4e08-9cbe-859a888db49f",
- "name": "username",
+ "id": "08129aa4-bcd7-4eb7-9b84-96d0696f0f97",
+ "name": "client roles",
"protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-property-mapper",
+ "protocolMapper": "oidc-usermodel-client-role-mapper",
"consentRequired": false,
"config": {
- "userinfo.token.claim": "true",
- "user.attribute": "username",
- "id.token.claim": "true",
+ "user.attribute": "foo",
"access.token.claim": "true",
- "claim.name": "preferred_username",
- "jsonType.label": "String"
+ "claim.name": "resource_access.${client_id}.roles",
+ "jsonType.label": "String",
+ "multivalued": "true"
}
},
{
- "id": "65cffabe-4352-454f-b055-8559fdcf5e72",
- "name": "picture",
+ "id": "d5b145fd-0f7c-44a6-98ca-11eff10d2c6c",
+ "name": "audience resolve",
"protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "protocolMapper": "oidc-audience-resolve-mapper",
"consentRequired": false,
- "config": {
- "userinfo.token.claim": "true",
- "user.attribute": "picture",
- "id.token.claim": "true",
- "access.token.claim": "true",
- "claim.name": "picture",
- "jsonType.label": "String"
- }
+ "config": {}
},
{
- "id": "68636224-a156-42a3-9e59-cf9aa1b25d1d",
- "name": "zoneinfo",
+ "id": "40a3d7da-f9db-4d5f-b16a-1b0f69c285f6",
+ "name": "realm roles",
"protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "protocolMapper": "oidc-usermodel-realm-role-mapper",
"consentRequired": false,
"config": {
- "userinfo.token.claim": "true",
- "user.attribute": "zoneinfo",
- "id.token.claim": "true",
+ "user.attribute": "foo",
"access.token.claim": "true",
- "claim.name": "zoneinfo",
- "jsonType.label": "String"
+ "claim.name": "realm_access.roles",
+ "jsonType.label": "String",
+ "multivalued": "true"
}
- },
+ }
+ ]
+ },
+ {
+ "id": "681d0e74-67f9-4ab9-99a5-7373785a2b69",
+ "name": "address",
+ "description": "OpenID Connect built-in scope: address",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true",
+ "consent.screen.text": "${addressScopeConsentText}"
+ },
+ "protocolMappers": [
{
- "id": "13c8c9cb-484e-4f50-a31b-5c76ceb0755a",
- "name": "updated at",
+ "id": "5ad584c7-682f-4d4d-ba74-7e07977bfd79",
+ "name": "address",
"protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "protocolMapper": "oidc-address-mapper",
"consentRequired": false,
"config": {
+ "user.attribute.formatted": "formatted",
+ "user.attribute.country": "country",
+ "user.attribute.postal_code": "postal_code",
"userinfo.token.claim": "true",
- "user.attribute": "updatedAt",
+ "user.attribute.street": "street",
"id.token.claim": "true",
+ "user.attribute.region": "region",
"access.token.claim": "true",
- "claim.name": "updated_at",
- "jsonType.label": "long"
+ "user.attribute.locality": "locality"
}
- },
+ }
+ ]
+ },
+ {
+ "id": "6a1dacc6-333b-4060-a96b-6c0af25324f2",
+ "name": "offline_access",
+ "description": "OpenID Connect built-in scope: offline_access",
+ "protocol": "openid-connect",
+ "attributes": {
+ "consent.screen.text": "${offlineAccessScopeConsentText}",
+ "display.on.consent.screen": "true"
+ }
+ },
+ {
+ "id": "b95eebf2-a32d-477e-a2b4-7324669aaea7",
+ "name": "microprofile-jwt",
+ "description": "Microprofile - JWT built-in scope",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "false"
+ },
+ "protocolMappers": [
{
- "id": "4fb5cbc4-caf1-4d04-aeae-d477acd8a9f4",
- "name": "locale",
+ "id": "8495d442-b5a3-4a8e-999c-87ac5d3c4d05",
+ "name": "groups",
"protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "protocolMapper": "oidc-usermodel-realm-role-mapper",
"consentRequired": false,
"config": {
- "userinfo.token.claim": "true",
- "user.attribute": "locale",
+ "multivalued": "true",
+ "user.attribute": "foo",
"id.token.claim": "true",
"access.token.claim": "true",
- "claim.name": "locale",
+ "claim.name": "groups",
"jsonType.label": "String"
}
},
{
- "id": "9c8a587d-000d-4fed-a3f5-674d200fe1d2",
- "name": "birthdate",
+ "id": "ee9c34d7-8260-45e3-b4f8-28515670da37",
+ "name": "upn",
"protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
- "user.attribute": "birthdate",
+ "user.attribute": "username",
"id.token.claim": "true",
"access.token.claim": "true",
- "claim.name": "birthdate",
+ "claim.name": "upn",
"jsonType.label": "String"
}
- },
+ }
+ ]
+ },
+ {
+ "id": "5b6f30e5-aa46-4ecb-9b9d-bcf53fcccb12",
+ "name": "web-origins",
+ "description": "OpenID Connect scope for add allowed web origins to the
access token",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "false",
+ "display.on.consent.screen": "false",
+ "consent.screen.text": ""
+ },
+ "protocolMappers": [
{
- "id": "11e05080-517e-4ae7-8a82-40ce6d91cd0f",
- "name": "family name",
+ "id": "0bc20cb4-ca62-45da-aaa2-68d8689743bd",
+ "name": "allowed web origins",
"protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-property-mapper",
+ "protocolMapper": "oidc-allowed-origins-mapper",
+ "consentRequired": false,
+ "config": {}
+ }
+ ]
+ },
+ {
+ "id": "f298e90a-711a-4459-b5ef-904bd1103046",
+ "name": "role_list",
+ "description": "SAML role list",
+ "protocol": "saml",
+ "attributes": {
+ "consent.screen.text": "${samlRoleListScopeConsentText}",
+ "display.on.consent.screen": "true"
+ },
+ "protocolMappers": [
+ {
+ "id": "e15f1915-2af8-4233-8544-e3e507d07be1",
+ "name": "role list",
+ "protocol": "saml",
+ "protocolMapper": "saml-role-list-mapper",
+ "consentRequired": false,
+ "config": {
+ "single": "false",
+ "attribute.nameformat": "Basic",
+ "attribute.name": "Role"
+ }
+ }
+ ]
+ },
+ {
+ "id": "67775ff3-c702-4fe0-b79d-c3e4f729e384",
+ "name": "profile",
+ "description": "OpenID Connect built-in scope: profile",
+ "protocol": "openid-connect",
+ "attributes": {
+ "include.in.token.scope": "true",
+ "display.on.consent.screen": "true",
+ "consent.screen.text": "${profileScopeConsentText}"
+ },
+ "protocolMappers": [
+ {
+ "id": "067762ff-5f92-4657-9978-66a24e8bca5c",
+ "name": "nickname",
+ "protocol": "openid-connect",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
- "user.attribute": "lastName",
+ "user.attribute": "nickname",
"id.token.claim": "true",
"access.token.claim": "true",
- "claim.name": "family_name",
+ "claim.name": "nickname",
"jsonType.label": "String"
}
},
{
- "id": "50c924ed-a1a9-4dc5-bd89-6299651c63aa",
+ "id": "34be5b14-05a6-4c6c-a40b-9ad96ba3c942",
"name": "given name",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
@@ -1228,22 +1236,22 @@
}
},
{
- "id": "cbe0f591-d373-4121-a8d4-a9c578002811",
- "name": "profile",
+ "id": "dcada92a-ee58-4501-b242-5b47e91718e8",
+ "name": "updated at",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
- "user.attribute": "profile",
+ "user.attribute": "updatedAt",
"id.token.claim": "true",
"access.token.claim": "true",
- "claim.name": "profile",
- "jsonType.label": "String"
+ "claim.name": "updated_at",
+ "jsonType.label": "long"
}
},
{
- "id": "324abe97-3d66-4ed9-b3e2-4f9266d7e88d",
+ "id": "1459151f-ed97-4d92-8db1-c0b93406d6f4",
"name": "gender",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
@@ -1258,34 +1266,37 @@
}
},
{
- "id": "fef27669-7928-4d89-b1c8-87622b60985d",
- "name": "full name",
+ "id": "a3ef1152-17b3-4b15-8db6-094db3b8aaf1",
+ "name": "username",
"protocol": "openid-connect",
- "protocolMapper": "oidc-full-name-mapper",
+ "protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
"config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "username",
"id.token.claim": "true",
"access.token.claim": "true",
- "userinfo.token.claim": "true"
+ "claim.name": "preferred_username",
+ "jsonType.label": "String"
}
},
{
- "id": "75a5730e-4f44-4a79-a55c-a19c57ac5ac7",
- "name": "nickname",
+ "id": "931e5c9d-eee7-438f-9df6-1d9bae4ecd89",
+ "name": "family name",
"protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-attribute-mapper",
+ "protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
- "user.attribute": "nickname",
+ "user.attribute": "lastName",
"id.token.claim": "true",
"access.token.claim": "true",
- "claim.name": "nickname",
+ "claim.name": "family_name",
"jsonType.label": "String"
}
},
{
- "id": "d9ba2a3c-dcec-4ece-9255-b8f066123dd8",
+ "id": "fa2c462b-ef66-4c51-9899-c618360a7491",
"name": "website",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
@@ -1298,204 +1309,123 @@
"claim.name": "website",
"jsonType.label": "String"
}
- }
- ]
- },
- {
- "id": "798cc16d-16a7-410c-b9ba-d8f9ef830612",
- "name": "role_list",
- "description": "SAML role list",
- "protocol": "saml",
- "attributes": {
- "consent.screen.text": "${samlRoleListScopeConsentText}",
- "display.on.consent.screen": "true"
- },
- "protocolMappers": [
- {
- "id": "127230d4-d4ef-44a9-ab7c-9479c1f033ab",
- "name": "role list",
- "protocol": "saml",
- "protocolMapper": "saml-role-list-mapper",
- "consentRequired": false,
- "config": {
- "single": "false",
- "attribute.nameformat": "Basic",
- "attribute.name": "Role"
- }
- }
- ]
- },
- {
- "id": "53ae60a7-bf41-4854-a1bd-b63454a059b6",
- "name": "phone",
- "description": "OpenID Connect built-in scope: phone",
- "protocol": "openid-connect",
- "attributes": {
- "include.in.token.scope": "true",
- "display.on.consent.screen": "true",
- "consent.screen.text": "${phoneScopeConsentText}"
- },
- "protocolMappers": [
+ },
{
- "id": "17a4dec3-3f19-4b30-8eba-16c2291c433f",
- "name": "phone number",
+ "id": "1acf0982-093e-40fd-bb56-d61b190da34f",
+ "name": "birthdate",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
- "user.attribute": "phoneNumber",
+ "user.attribute": "birthdate",
"id.token.claim": "true",
"access.token.claim": "true",
- "claim.name": "phone_number",
+ "claim.name": "birthdate",
"jsonType.label": "String"
}
},
{
- "id": "0a846ed5-04e0-4bd5-8477-513f2447e914",
- "name": "phone number verified",
+ "id": "1cea29f7-b840-4ee9-bbc9-e9c987225384",
+ "name": "zoneinfo",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
- "user.attribute": "phoneNumberVerified",
+ "user.attribute": "zoneinfo",
"id.token.claim": "true",
"access.token.claim": "true",
- "claim.name": "phone_number_verified",
- "jsonType.label": "boolean"
+ "claim.name": "zoneinfo",
+ "jsonType.label": "String"
}
- }
- ]
- },
- {
- "id": "64a778e1-9a72-4bbe-89e1-bef28640f368",
- "name": "acr",
- "description": "OpenID Connect scope for add acr (authentication context
class reference) to the token",
- "protocol": "openid-connect",
- "attributes": {
- "include.in.token.scope": "false",
- "display.on.consent.screen": "false"
- },
- "protocolMappers": [
+ },
{
- "id": "d91e3d52-bb5b-4737-9f5b-38385a8580fb",
- "name": "acr loa level",
+ "id": "4a2b4a1c-43bf-4efe-88af-c18dd3c04340",
+ "name": "picture",
"protocol": "openid-connect",
- "protocolMapper": "oidc-acr-mapper",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
+ "userinfo.token.claim": "true",
+ "user.attribute": "picture",
"id.token.claim": "true",
- "access.token.claim": "true"
+ "access.token.claim": "true",
+ "claim.name": "picture",
+ "jsonType.label": "String"
}
- }
- ]
- },
- {
- "id": "19a4d6fa-f94d-4752-bf26-e1d9a374c87a",
- "name": "email",
- "description": "OpenID Connect built-in scope: email",
- "protocol": "openid-connect",
- "attributes": {
- "include.in.token.scope": "true",
- "display.on.consent.screen": "true",
- "consent.screen.text": "${emailScopeConsentText}"
- },
- "protocolMappers": [
+ },
{
- "id": "5b29de61-7888-418c-a70c-9934dcc473b6",
- "name": "email verified",
+ "id": "17c30350-6175-4cd5-b289-b03554ae2130",
+ "name": "full name",
"protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-property-mapper",
+ "protocolMapper": "oidc-full-name-mapper",
"consentRequired": false,
"config": {
- "userinfo.token.claim": "true",
- "user.attribute": "emailVerified",
"id.token.claim": "true",
"access.token.claim": "true",
- "claim.name": "email_verified",
- "jsonType.label": "boolean"
+ "userinfo.token.claim": "true"
}
},
{
- "id": "36dff379-0b42-46b3-a90e-72ebc7d8a12e",
- "name": "email",
+ "id": "b00cb213-a021-4c7d-bf8f-8b71a9a92fd8",
+ "name": "middle name",
"protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-property-mapper",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
- "user.attribute": "email",
+ "user.attribute": "middleName",
"id.token.claim": "true",
"access.token.claim": "true",
- "claim.name": "email",
+ "claim.name": "middle_name",
"jsonType.label": "String"
}
- }
- ]
- },
- {
- "id": "ccf6db1c-8b37-48be-b752-0517bfa382f7",
- "name": "roles",
- "description": "OpenID Connect scope for add user roles to the access
token",
- "protocol": "openid-connect",
- "attributes": {
- "include.in.token.scope": "false",
- "display.on.consent.screen": "true",
- "gui.order": "",
- "consent.screen.text": "${rolesScopeConsentText}"
- },
- "protocolMappers": [
+ },
{
- "id": "9c61b306-60d5-4c39-ae4c-aabca433733e",
- "name": "realm roles",
+ "id": "935820a0-6824-4146-bd9d-fe93b9fa0351",
+ "name": "profile",
"protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-realm-role-mapper",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
- "user.attribute": "foo",
+ "userinfo.token.claim": "true",
+ "user.attribute": "profile",
+ "id.token.claim": "true",
"access.token.claim": "true",
- "claim.name": "realm_access.roles",
- "jsonType.label": "String",
- "multivalued": "true"
+ "claim.name": "profile",
+ "jsonType.label": "String"
}
},
{
- "id": "1f5da035-f052-4f52-90a7-fca3f110e4a3",
- "name": "audience resolve",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-audience-resolve-mapper",
- "consentRequired": false,
- "config": {}
- },
- {
- "id": "537e969c-747a-4e0e-8a11-0e56fdd0d099",
- "name": "client roles",
+ "id": "d047a71c-08c5-4949-b7ec-0b99fbceb070",
+ "name": "locale",
"protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-client-role-mapper",
+ "protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
- "user.attribute": "foo",
+ "userinfo.token.claim": "true",
+ "user.attribute": "locale",
+ "id.token.claim": "true",
"access.token.claim": "true",
- "claim.name": "resource_access.${client_id}.roles",
- "jsonType.label": "String",
- "multivalued": "true"
+ "claim.name": "locale",
+ "jsonType.label": "String"
}
}
]
}
],
"defaultDefaultClientScopes": [
- "role_list",
+ "web-origins",
"profile",
"email",
- "web-origins",
+ "roles",
"acr",
- "roles"
+ "role_list"
],
"defaultOptionalClientScopes": [
- "offline_access",
"address",
+ "offline_access",
"phone",
"microprofile-jwt"
],
@@ -1521,27 +1451,26 @@
"components": {
"org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [
{
- "id": "e4748767-37fc-4271-98ca-8b721557daf3",
- "name": "Full Scope Disabled",
- "providerId": "scope",
- "subType": "anonymous",
- "subComponents": {},
- "config": {}
- },
- {
- "id": "adacec82-8271-4c5d-aa8c-88e62a371cba",
- "name": "Max Clients Limit",
- "providerId": "max-clients",
+ "id": "38573725-ded6-4118-be29-0c182be0f040",
+ "name": "Allowed Protocol Mapper Types",
+ "providerId": "allowed-protocol-mappers",
"subType": "anonymous",
"subComponents": {},
"config": {
- "max-clients": [
- "200"
+ "allowed-protocol-mapper-types": [
+ "saml-user-attribute-mapper",
+ "oidc-usermodel-property-mapper",
+ "oidc-usermodel-attribute-mapper",
+ "oidc-sha256-pairwise-sub-mapper",
+ "oidc-full-name-mapper",
+ "saml-role-list-mapper",
+ "saml-user-property-mapper",
+ "oidc-address-mapper"
]
}
},
{
- "id": "fd2ae24c-818d-4638-abd7-2042e4cce269",
+ "id": "4c7ab19c-67eb-47ad-a1da-616c7d697663",
"name": "Allowed Client Scopes",
"providerId": "allowed-client-templates",
"subType": "anonymous",
@@ -1553,15 +1482,7 @@
}
},
{
- "id": "2591ed13-a8e9-401f-a0cd-59bdc4735adf",
- "name": "Consent Required",
- "providerId": "consent-required",
- "subType": "anonymous",
- "subComponents": {},
- "config": {}
- },
- {
- "id": "8eed841e-6201-401e-807b-5044d00a1c04",
+ "id": "ab7ce07b-7ecd-4b73-af68-0389306afd2c",
"name": "Trusted Hosts",
"providerId": "trusted-hosts",
"subType": "anonymous",
@@ -1576,45 +1497,54 @@
}
},
{
- "id": "b27ba27c-6e18-479a-8f40-3c4615e608dc",
- "name": "Allowed Protocol Mapper Types",
- "providerId": "allowed-protocol-mappers",
- "subType": "authenticated",
+ "id": "ebc72a86-ef28-4bf3-882c-4e8e7311f4ed",
+ "name": "Max Clients Limit",
+ "providerId": "max-clients",
+ "subType": "anonymous",
"subComponents": {},
"config": {
- "allowed-protocol-mapper-types": [
- "oidc-usermodel-attribute-mapper",
- "saml-user-property-mapper",
- "oidc-full-name-mapper",
- "oidc-usermodel-property-mapper",
- "saml-user-attribute-mapper",
- "oidc-sha256-pairwise-sub-mapper",
- "oidc-address-mapper",
- "saml-role-list-mapper"
+ "max-clients": [
+ "200"
]
}
},
{
- "id": "092df6ca-650c-4469-a839-090bc1b6d22c",
+ "id": "6a5c7dbe-c086-4ebb-a749-ae3386cbbe97",
"name": "Allowed Protocol Mapper Types",
"providerId": "allowed-protocol-mappers",
- "subType": "anonymous",
+ "subType": "authenticated",
"subComponents": {},
"config": {
"allowed-protocol-mapper-types": [
- "saml-user-property-mapper",
- "oidc-address-mapper",
- "oidc-sha256-pairwise-sub-mapper",
"oidc-usermodel-attribute-mapper",
- "oidc-usermodel-property-mapper",
+ "oidc-sha256-pairwise-sub-mapper",
+ "oidc-address-mapper",
"saml-user-attribute-mapper",
+ "oidc-usermodel-property-mapper",
"oidc-full-name-mapper",
- "saml-role-list-mapper"
+ "saml-role-list-mapper",
+ "saml-user-property-mapper"
]
}
},
{
- "id": "56fce54c-5e75-4503-aa7d-925170d82a9d",
+ "id": "ac0e2e9b-a353-428a-bbdc-82892cabce66",
+ "name": "Consent Required",
+ "providerId": "consent-required",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {}
+ },
+ {
+ "id": "16eb3368-d87d-4b82-a5f9-c99fd8b22130",
+ "name": "Full Scope Disabled",
+ "providerId": "scope",
+ "subType": "anonymous",
+ "subComponents": {},
+ "config": {}
+ },
+ {
+ "id": "f9eaf74a-db63-426c-a59c-c3a4e75fe637",
"name": "Allowed Client Scopes",
"providerId": "allowed-client-templates",
"subType": "authenticated",
@@ -1626,17 +1556,9 @@
}
}
],
- "org.keycloak.userprofile.UserProfileProvider": [
- {
- "id": "f32fdf6d-de24-4478-827c-666f89dbefb8",
- "providerId": "declarative-user-profile",
- "subComponents": {},
- "config": {}
- }
- ],
"org.keycloak.keys.KeyProvider": [
{
- "id": "f6534d5e-e9c6-4f65-9521-a36d55a13444",
+ "id": "a504319e-09e9-47b7-87c7-226b6e7cb0f8",
"name": "rsa-generated",
"providerId": "rsa-generated",
"subComponents": {},
@@ -1647,35 +1569,35 @@
}
},
{
- "id": "f635ec76-b78e-4fad-9114-3ca8d39960dd",
- "name": "hmac-generated",
- "providerId": "hmac-generated",
+ "id": "79267a40-0e6e-4422-93c7-e6d7f43b3bc3",
+ "name": "rsa-enc-generated",
+ "providerId": "rsa-enc-generated",
"subComponents": {},
"config": {
"priority": [
"100"
],
"algorithm": [
- "HS256"
+ "RSA-OAEP"
]
}
},
{
- "id": "8b4bbb8c-8cec-409f-8734-135b94bb92f6",
- "name": "rsa-enc-generated",
- "providerId": "rsa-enc-generated",
+ "id": "37f47647-8942-4e86-9d4f-73be591f4b50",
+ "name": "hmac-generated",
+ "providerId": "hmac-generated",
"subComponents": {},
"config": {
"priority": [
"100"
],
"algorithm": [
- "RSA-OAEP"
+ "HS256"
]
}
},
{
- "id": "a2d0ccbd-10a1-4200-a781-889b5fc7b74d",
+ "id": "6ad68646-8ead-472d-b633-8464b1a25cb7",
"name": "aes-generated",
"providerId": "aes-generated",
"subComponents": {},
@@ -1691,7 +1613,7 @@
"supportedLocales": [],
"authenticationFlows": [
{
- "id": "2f589b8c-c67c-4344-b77a-73db7e9ff238",
+ "id": "95c4d9cb-b8bd-4f4a-a325-b844c01005af",
"alias": "Account verification options",
"description": "Method with which to verity the existing account",
"providerId": "basic-flow",
@@ -1717,7 +1639,7 @@
]
},
{
- "id": "6a105aef-bffc-420b-8d3e-8829cc84f0b1",
+ "id": "3263a7aa-8aad-418e-87c6-613c0b9afed6",
"alias": "Authentication Options",
"description": "Authentication options.",
"providerId": "basic-flow",
@@ -1751,7 +1673,7 @@
]
},
{
- "id": "9a582f8d-97b2-4717-a60d-ffd1ae1d0611",
+ "id": "3b3ef605-aa16-4bdf-8747-8aa94a7c01ff",
"alias": "Browser - Conditional OTP",
"description": "Flow to determine if the OTP is required for the
authentication",
"providerId": "basic-flow",
@@ -1777,7 +1699,7 @@
]
},
{
- "id": "ae605cd7-cb24-46ef-a34d-706047726f7c",
+ "id": "473a1601-67b0-42b6-819e-7a1507391464",
"alias": "Direct Grant - Conditional OTP",
"description": "Flow to determine if the OTP is required for the
authentication",
"providerId": "basic-flow",
@@ -1803,7 +1725,7 @@
]
},
{
- "id": "8a33ed63-0893-44f6-a979-83a5419025d8",
+ "id": "f4e80d88-c9de-4430-8266-26d0fa86be28",
"alias": "First broker login - Conditional OTP",
"description": "Flow to determine if the OTP is required for the
authentication",
"providerId": "basic-flow",
@@ -1829,7 +1751,7 @@
]
},
{
- "id": "7f25f07c-e1e0-4e65-b1cc-5ff44b844e69",
+ "id": "b1c92b1c-80d6-43c9-a3c9-774c3e8142ec",
"alias": "Handle Existing Account",
"description": "Handle what to do if there is existing account with same
email/username like authenticated identity provider",
"providerId": "basic-flow",
@@ -1855,7 +1777,7 @@
]
},
{
- "id": "27879743-ec68-461e-b9c6-f47f8ffe7ddd",
+ "id": "3e0d8aed-73b6-4f7d-96e2-8f35aa29a449",
"alias": "Reset - Conditional OTP",
"description": "Flow to determine if the OTP should be reset or not. Set
to REQUIRED to force.",
"providerId": "basic-flow",
@@ -1881,7 +1803,7 @@
]
},
{
- "id": "c0d5ecf3-64a8-45dd-ad88-5d5a7b4cc39b",
+ "id": "1ad72082-d2a1-4376-b9f8-f1f8dd76beb0",
"alias": "User creation or linking",
"description": "Flow for the existing/non-existing user alternatives",
"providerId": "basic-flow",
@@ -1908,7 +1830,7 @@
]
},
{
- "id": "577a3471-5137-4a28-845d-03e32313bed7",
+ "id": "4e6f2646-8d8c-4963-9e6f-a849ab047281",
"alias": "Verify Existing Account by Re-authentication",
"description": "Reauthentication of existing account",
"providerId": "basic-flow",
@@ -1934,7 +1856,7 @@
]
},
{
- "id": "da3c29d0-b25b-4831-81f3-7fc180e9c761",
+ "id": "5f7a059c-5dc8-46f9-98c7-f3cadffbdb1a",
"alias": "browser",
"description": "browser based authentication",
"providerId": "basic-flow",
@@ -1976,7 +1898,7 @@
]
},
{
- "id": "7206cc64-a893-4dd8-b9af-84038e480ad2",
+ "id": "106aa835-d173-434e-a913-88e748e7e923",
"alias": "clients",
"description": "Base authentication for clients",
"providerId": "client-flow",
@@ -2018,7 +1940,7 @@
]
},
{
- "id": "fed14bd1-066f-401d-823c-1253b6c835d2",
+ "id": "aa182beb-e71f-4e76-894a-56fb32da8e0b",
"alias": "direct grant",
"description": "OpenID Connect Resource Owner Grant",
"providerId": "basic-flow",
@@ -2052,7 +1974,7 @@
]
},
{
- "id": "0c2b466e-afe2-437b-a5a9-12350fbc9ec4",
+ "id": "5e68fa3e-79d7-4513-8384-92a5ded84d20",
"alias": "docker auth",
"description": "Used by Docker clients to authenticate against the IDP",
"providerId": "basic-flow",
@@ -2070,7 +1992,7 @@
]
},
{
- "id": "c2759deb-95f9-4bde-ba53-5ef3363eafbc",
+ "id": "fcade43a-0e39-4943-9920-c36682256627",
"alias": "first broker login",
"description": "Actions taken after first broker login with identity
provider account, which is not yet linked to any Keycloak account",
"providerId": "basic-flow",
@@ -2097,7 +2019,7 @@
]
},
{
- "id": "c0836105-73a6-4c73-9c99-b51cbf0e69d9",
+ "id": "e8fe3c0f-ed2d-4422-a7c0-86083ebf8cb7",
"alias": "forms",
"description": "Username, password, otp and other auth forms.",
"providerId": "basic-flow",
@@ -2123,7 +2045,7 @@
]
},
{
- "id": "a6546a9f-bb82-432e-a6f4-42df08fd595d",
+ "id": "1146349f-8007-46d3-af86-6c7981ad20df",
"alias": "http challenge",
"description": "An authentication flow based on challenge-response HTTP
Authentication Schemes",
"providerId": "basic-flow",
@@ -2149,7 +2071,7 @@
]
},
{
- "id": "4ce944ae-cd3e-4ca1-9941-86802378b6f6",
+ "id": "c615a970-c0f5-43f8-9c21-51bf9ad995a6",
"alias": "registration",
"description": "registration flow",
"providerId": "basic-flow",
@@ -2168,7 +2090,7 @@
]
},
{
- "id": "d3177967-b70e-46c3-a69b-042e84443387",
+ "id": "91515eea-f1dd-4d40-a208-6c768fcaca0f",
"alias": "registration form",
"description": "registration form",
"providerId": "form-flow",
@@ -2210,7 +2132,7 @@
]
},
{
- "id": "e2ca73ce-64cd-4108-8892-adfe28f48143",
+ "id": "29206f95-f9f9-4dee-b0ae-05f8b894833f",
"alias": "reset credentials",
"description": "Reset credentials for a user if they forgot their
password or something",
"providerId": "basic-flow",
@@ -2252,7 +2174,7 @@
]
},
{
- "id": "befd4bbf-74b4-45af-8454-aa08765e7344",
+ "id": "3d72ec3a-8d71-49e6-9b20-c3aec370e8be",
"alias": "saml ecp",
"description": "SAML ECP Profile Authentication Flow",
"providerId": "basic-flow",
@@ -2272,14 +2194,14 @@
],
"authenticatorConfig": [
{
- "id": "c20973c7-5b3a-4eb0-87f6-e795c95f64a3",
+ "id": "696cd10b-24f2-48f0-8e68-73977416828a",
"alias": "create unique user config",
"config": {
"require.password.update.after.registration": "false"
}
},
{
- "id": "f0d504a1-df38-4ccf-9832-a40c10a9bf7a",
+ "id": "6449e97b-75a9-48d7-9831-d57aade26979",
"alias": "review profile config",
"config": {
"update.profile.on.first.login": "missing"
@@ -2377,22 +2299,12 @@
"dockerAuthenticationFlow": "docker auth",
"attributes": {
"cibaBackchannelTokenDeliveryMode": "poll",
- "cibaAuthRequestedUserHint": "login_hint",
- "oauth2DevicePollingInterval": "5",
- "clientOfflineSessionMaxLifespan": "0",
- "clientSessionIdleTimeout": "0",
- "actionTokenGeneratedByUserLifespan-execute-actions": "",
- "actionTokenGeneratedByUserLifespan-verify-email": "",
- "clientOfflineSessionIdleTimeout": "0",
- "actionTokenGeneratedByUserLifespan-reset-credentials": "",
- "cibaInterval": "5",
"cibaExpiresIn": "120",
+ "cibaAuthRequestedUserHint": "login_hint",
"oauth2DeviceCodeLifespan": "600",
- "actionTokenGeneratedByUserLifespan-idp-verify-account-via-email": "",
+ "oauth2DevicePollingInterval": "5",
"parRequestUriLifespan": "60",
- "clientSessionMaxLifespan": "0",
- "frontendUrl": "",
- "acr.loa.map": "[]"
+ "cibaInterval": "5"
},
"keycloakVersion": "19.0.1",
"userManagedAccessAllowed": false,
diff --git a/karavan-builder/openshift/karavan-app.yaml
b/karavan-builder/openshift/karavan-app.yaml
index f568ded..592e8c3 100644
--- a/karavan-builder/openshift/karavan-app.yaml
+++ b/karavan-builder/openshift/karavan-app.yaml
@@ -36,10 +36,17 @@ spec:
serviceAccountName: karavan
containers:
- env:
+ - name: PROFILE
+ value: basic
- name: KUBERNETES_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
+ - name: MASTER_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: master-password
+ name: karavan
image: ghcr.io/apache/camel-karavan:3.18.3
imagePullPolicy: Always
name: karavan
