diff --git a/Dockerfile b/Dockerfile
index d38ec18d..34bacd00 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,33 +1,59 @@
-FROM thecodingmachine/php:8.2-v4-apache-node16
-ENV PHP_EXTENSION_LDAP=1
-ENV PHP_EXTENSION_INTL=1
-ENV TZ=Europe/Berlin
-ENV COMPOSER_ALLOW_SUPERUSER=1
-USER root
-RUN usermod -a -G www-data docker
-#Do npm install
-COPY package.json /var/www/html
-COPY package-lock.json /var/www/html
-COPY webpack.config.js /var/www/html
-RUN npm install
-#do npm build
-COPY assets /var/www/html/assets
-COPY public /var/www/html/public
-RUN mkdir -m 777 -p public/build
-RUN npm run build
-RUN rm -rf node_modules/
-#copy all the rest of the app
-COPY . /var/www/html
-#install all php dependencies
-
-RUN chown -R docker:docker secretStorage
-USER docker
-RUN composer install
+ARG PHP_IMAGE_VERSION=3.20.6
+FROM git.h2-invent.com/public-system-design/alpine-php8-webserver:${PHP_IMAGE_VERSION}
+
+ARG VERSION
+ARG SUPERCRONIC_VERSION=0.2.33
+
+LABEL version="${VERSION}" \
+ Maintainer="H2 invent GmbH" \
+ Description="Docker Image for Open Datenschutzcenter" \
+ org.opencontainers.version="${VERSION}" \
+ org.opencontainers.image.title="Open Datenschutzcenter" \
+ org.opencontainers.image.license="AGPLv3" \
+ org.opencontainers.image.vendor="H2 invent GmbH" \
+ org.opencontainers.image.authors="Andreas Holzmann " \
+ org.opencontainers.image.source="https://github.com/h2-invent/open-datenschutzcenter" \
+ org.opencontainers.image.documentation="https://open-datenschutzcenter.de" \
+ org.opencontainers.image.url="https://open-datenschutzcenter.de"
+
 USER root
-#do all the directory stuff
-RUN chmod -R 775 public/build
-RUN mkdir -p var/cache
-RUN chown -R docker:docker var
-RUN chmod -R 777 var
-RUN chown -R docker:docker var/
-USER docker
\ No newline at end of file
+
+RUN apk --no-cache add \
+ unzip \
+ && rm -rf /var/cache/apk/*
+
+RUN mkdir /etc/service/cron \
+ && echo "#!/bin/sh" > /etc/service/cron/run \
+ && echo "exec 2>&1 /supercronic /var/crontab" >> /etc/service/cron/run \
+ && chown -R nobody:nobody /etc/service/cron \
+ && chmod -R +x /etc/service/cron
+
+RUN wget https://github.com/aptible/supercronic/releases/download/v${SUPERCRONIC_VERSION}/supercronic-linux-amd64 -O /supercronic \
+ && chmod +x /supercronic
+
+RUN wget https://git.h2-invent.com/Public-System-Design/Public-Helperscripts/raw/branch/main/distributed_cron.sh -O /distributed_cron.sh \
+ && chmod +x /distributed_cron.sh
+
+RUN echo "# Docker Cron Jobs" > /var/crontab \
+ && echo "SHELL=/bin/sh" >> /var/crontab \
+ && echo "* * * * * date" >> /var/crontab \
+ && echo "0 1 * * * curl https://open-datenschutzcenter.de/health/check" >> /var/crontab \
+ && echo "0 9 * * 1-5 /bin/sh /distributed_cron.sh 'data/cron_log' 'php /var/www/html/bin/console app:cron'" >> /var/crontab \
+ && echo "" >> /var/crontab
+
+RUN echo "#!/bin/sh" > /docker-entrypoint-init.d/01-symfony.sh \
+ && echo "php bin/console cache:clear" >> /docker-entrypoint-init.d/01-symfony.sh \
+ && echo "php bin/console doc:mig:mig --no-interaction" >> /docker-entrypoint-init.d/01-symfony.sh \
+ && echo "php bin/console cache:clear" >> /docker-entrypoint-init.d/01-symfony.sh \
+ && chmod +x /docker-entrypoint-init.d/01-symfony.sh
+
+USER nobody
+
+RUN wget https://github.com/H2-invent/open-datenschutzcenter/releases/download/${VERSION}/application.zip -O artifact.zip \
+ && unzip artifact.zip \
+ && mkdir data \
+ && rm -r var/cache \
+ && rm artifact.zip
+
+ENV nginx_root_directory=/var/www/html/public \
+ upload_max_filesize=10M
diff --git a/RELEASE_NOTE.md b/RELEASE_NOTE.md
index 5a7c54d0..88ae1f55 100644
--- a/RELEASE_NOTE.md
+++ b/RELEASE_NOTE.md
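Review bot: The three `wget` downloads in the new Dockerfile (the supercronic binary, `distributed_cron.sh` and `application.zip`) are installed with no integrity check, and `distributed_cron.sh` comes from `raw/branch/main`, a mutable ref, so the script the image runs from cron can change between builds without any change to this file. Each artifact should be verified against a digest supplied as a build argument before `chmod +x` or `unzip`, as sketched below for the first two; the same pattern applies to `application.zip`, and pinning the helper script to a tag or commit would additionally keep builds reproducible. `ARG VERSION` has no default, so a build without `--build-arg VERSION=…` requests a malformed release URL and fails only at the `wget` step. Separately, the label keys `org.opencontainers.version` and `org.opencontainers.image.license` are not the OCI annotation names, which are `org.opencontainers.image.version` and `org.opencontainers.image.licenses`.

```dockerfile
ARG SUPERCRONIC_VERSION=0.2.33
# Digests of the reviewed artifacts, passed with --build-arg; ":?" aborts the build when one is missing.
ARG SUPERCRONIC_SHA256
ARG DISTRIBUTED_CRON_SHA256

# … unchanged: LABEL, USER root, apk add, /etc/service/cron setup …

RUN wget https://github.com/aptible/supercronic/releases/download/v${SUPERCRONIC_VERSION}/supercronic-linux-amd64 -O /supercronic \
    && echo "${SUPERCRONIC_SHA256:?}  /supercronic" | sha256sum -c - \
    && chmod +x /supercronic

RUN wget https://git.h2-invent.com/Public-System-Design/Public-Helperscripts/raw/branch/main/distributed_cron.sh -O /distributed_cron.sh \
    && echo "${DISTRIBUTED_CRON_SHA256:?}  /distributed_cron.sh" | sha256sum -c - \
    && chmod +x /distributed_cron.sh
```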
@@ -4,8 +4,10 @@ * In den TOM Formularen können jetzt die technischen und organisatorischen Maßnahmen mit einem WYSIWYG Editor beschrieben werden. (https://github.com/H2-invent/open-datenschutzcenter/pull/217) * Der neue Assistent unterstützt beim Erstellen von Verarbeitungen und allen notwendigen Datensätzen. Dieser Assistent erleichtert die Erfassung von neuen Verarbeitungen. (https://github.com/H2-invent/open-datenschutzcenter/pull/204) * Ab sofort können Datenschutzelemente von einem Team in Kinderteams vererbt werden. (https://github.com/H2-invent/open-datenschutzcenter/pull/205) - +* Add new Dockerfile for the ODC + ## Bug fixes ## Update Anleitung +* Die Anleitung zum Installieren des ODCs mit hilfe Docker Compose wurde angepasst (https://github.com/H2-invent/open-datenschutzcenter/wiki/Get-Started) diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml deleted file mode 100644 index 8b03571d..00000000 --- a/docker-compose.dev.yml +++ /dev/null 
@@ -1,42 +0,0 @@ -version: '3' -services: -###> doctrine/doctrine-bundle ### - database: - image: 'mariadb:10.5' - environment: - MYSQL_ROOT_PASSWORD: password - MYSQL_DATABASE: main - TZ: Europe/Berlin - ports: - # To allow the host machine to access the ports below, modify the lines below. - # For example, to allow the host to connect to port 3306 on the container, you would change - # "3306" to "3306:3306". Where the first port is exposed to the host and the second is the container port. - # See https://docs.docker.com/compose/compose-file/compose-file-v3/#ports for more information. - - '3306' - # You may use a bind-mounted host directory instead, so that it is harder to accidentally remove the volume and lose all your data! - # - ./docker/db/data:/var/lib/postgresql/data:rw -###< doctrine/doctrine-bundle ### - keycloak: - image: quay.io/keycloak/keycloak:latest - container_name: "keycloak" - volumes: - - ./keycloak/opendatenschutzcenter-realm.json:/opt/keycloak/data/import/opendatenschutzcenter-realm.json - command: - - --verbose - - start-dev - - --import-realm - environment: - KEYCLOAK_ADMIN: admin - KEYCLOAK_ADMIN_PASSWORD: admin - PROXY_ADDRESS_FORWARDING: true - VIRTUAL_HOST: dev-keycloak.mydomain.com - VIRTUAL_PORT: 8080 - LETSENCRYPT_HOST: dev-keycloak.mydomain.com - TZ: Europe/Berlin - ports: - - '8080:8080' - -volumes: -###> doctrine/doctrine-bundle ### - db-data: -###< doctrine/doctrine-bundle ### \ No newline at end of file diff --git a/docker-compose.test.yml b/docker-compose.test.yml deleted file mode 100644 index 2a70ddb5..00000000 --- a/docker-compose.test.yml +++ /dev/null 
@@ -1,162 +0,0 @@ -version: '3.8' - -x-app-common: &odc_app - build: . - environment: - APP_ENV: "dev" - APACHE_DOCUMENT_ROOT: "public/" - PHP_EXTENSION_XDEBUG: "1" - PHP_INI_MEMORY_LIMIT: "1G" - PHP_EXTENSION_LDAP: 1 - PHP_EXTENSION_INTL: 1 - MAILER_DSN: ${MAILER_DSN} - -services: - traefik-odc: - image: "traefik:v2.5" - restart: unless-stopped - command: - #- "--log.level=DEBUG" - - "--api.insecure=true" - - "--providers.docker=true" - - "--api.dashboard=true" - - "--providers.docker.exposedbydefault=false" - - "--entrypoints.web.address=:80" - - labels: - - "traefik.enable=true" - - "traefik.http.routers.traefik-odc.rule=Host(`traefik.${PUBLIC_URL}`)" - - "traefik.http.routers.traefik-odc.entrypoints=web" - - "traefik.http.routers.traefik-odc.service=api@internal" - - "traefik.http.routers.traefik-odc.middlewares=traefik-auth" - - "traefik.http.middlewares.traefik-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/" # test:test - - - - ports: - - "80:80" - - "443:443" - volumes: - - "/var/run/docker.sock:/var/run/docker.sock:ro" - - ./data/letsencrypt:/letsencrypt - - ./tools/traefik/config.yml:/etc/traefik/dynamic_conf/conf.yml:ro - - networks: - default: - aliases: - - keycloak.${PUBLIC_URL} - - ${PUBLIC_URL} - - #Here is the ODC app - app-odc: - <<: *odc_app - depends_on: - db-odc: - condition: service_healthy - healthcheck: - test: [ "CMD", "curl", "-s", "-f", "-i", "http://localhost:80/health/check" ] - interval: 20s - timeout: 10s - start_period: 30s - retries: 10 - restart: unless-stopped - environment: - APP_ENV: "dev" - APACHE_DOCUMENT_ROOT: "public/" - PHP_EXTENSION_XDEBUG: "1" - PHP_INI_MEMORY_LIMIT: "1G" - PHP_EXTENSION_LDAP: 1 - PHP_EXTENSION_INTL: 1 - DATABASE_URL: mysql://odc:${ODC_DB_PW}@${RANDOMTAG}db-odc:3306/odc - MAILER_TRANSPORT: smtp - OAUTH_KEYCLOAK_CLIENT_ID: opendatenschutzcenter - OAUTH_KEYCLOAK_CLIENT_SECRET: ${OAUTH_KEYCLOAK_CLIENT_SECRET} - OAUTH_KEYCLOAK_SERVER: ${HTTP_METHOD}://${PUBLIC_URL}/keycloak - 
OAUTH_KEYCLOAK_REALM: opendatenschutzcenter - MAILER_DSN: ${MAILER_DSN} - MAILER_HOST: ${MAILER_HOST} - MAILER_PORT: ${MAILER_PORT} - MAILER_PASSWORD: ${MAILER_PASSWORD} - MAILER_USERNAME: ${MAILER_USERNAME} - MAILER_ENCRYPTION: ${MAILER_ENC} - laF_version: ${GIT_VERSION} - registerEmailAdress: ${registerEmailAdress} - DEFAULT_EMAIL: ${registerEmailAdress} - laF_baseUrl: ${HTTP_METHOD}://${PUBLIC_URL} - VICH_BASE: ${HTTP_METHOD}://${PUBLIC_URL} - CRON_USER_1: root - CRON_SCHEDULE_1: "* * * * *" - CRON_COMMAND_1: "php /var/www/html/bin/console cron:run" - - labels: - - "traefik.enable=true" - - "traefik.http.routers.app-odc.rule=Host(`${PUBLIC_URL}`)" - - "traefik.http.routers.app-odc.entrypoints=web" - - "traefik.http.services.app-odc.loadbalancer.server.port=80" - - "traefik.http.services.app-odc.loadbalancer.sticky=true" - - "traefik.http.services.app-odc.loadbalancer.sticky.cookie.name=odc" - volumes: - - datenschutzcenter_uploads:/var/www/html/public/uploads:rw - - datenschutzcenter_secret_storage:/var/www/html/secretStorage:rw - - datenschutzcenter_data:/var/www/html/public/data:rw - - $PWD/dockerupdate.sh:/etc/container/startup.sh - networks: - - default - - - db-odc: - image: mariadb:latest - hostname: ${RANDOMTAG}db-odc - restart: unless-stopped - healthcheck: - test: [ "CMD", "mariadb-admin" ,"ping", "-h", "localhost","-ptest" ] - timeout: 20s - retries: 10 - environment: - MARIADB_ROOT_PASSWORD: test - volumes: - - mariadb:/var/lib/mysql - - ./docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d - networks: - - default - - keycloak-odc: - image: quay.io/keycloak/keycloak:22.0.3 - restart: unless-stopped - depends_on: - app-odc: - condition: service_healthy - environment: - KEYCLOAK_ADMIN: admin - KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PW} - KC_DB: mariadb - KC_DB_PASSWORD: ${KEYCLOAK_PW} - KC_DB_URL: jdbc:mariadb://${RANDOMTAG}db-odc:3306/keycloak - KC_DB_USERNAME: keycloak - KC_HOSTNAME_URL: ${HTTP_METHOD}://${PUBLIC_URL}/keycloak - 
KC_HOSTNAME_PATH: ${HTTP_METHOD}://${PUBLIC_URL}/keycloak - KC_HOSTNAME_ADMIN_URL: ${HTTP_METHOD}://${PUBLIC_URL}/keycloak - KC_HTTP_RELATIVE_PATH: /keycloak - KC_PROXY: passthrough - - command: - - start-dev - - --import-realm - labels: - - "traefik.enable=true" - - "traefik.http.routers.keycloak-odc.rule=Host(`${PUBLIC_URL}`) && PathPrefix(`/keycloak`)" - - "traefik.http.routers.keycloak-odc.entrypoints=web" - - "traefik.http.services.keycloak-odc.loadbalancer.server.port=8080" - - volumes: - - ./keycloak/:/opt/keycloak/data/import - networks: - - default - - -volumes: - mariadb: - image_upload: - datenschutzcenter_uploads: - datenschutzcenter_data: - datenschutzcenter_secret_storage: diff --git a/docker-compose.yml b/docker-compose.yml deleted file mode 100644 index 98a5e7e8..00000000 --- a/docker-compose.yml +++ /dev/null 
@@ -1,171 +0,0 @@ -version: '3.8' - -x-app-common: &odc_app - build: . - environment: - APACHE_DOCUMENT_ROOT: "public/" - PHP_EXTENSION_XDEBUG: "1" - PHP_INI_MEMORY_LIMIT: "1G" - PHP_EXTENSION_LDAP: 1 - PHP_EXTENSION_INTL: 1 - MAILER_DSN: ${MAILER_DSN} - - -services: - traefik-odc: - image: "traefik:v2.5" - - command: - #- "--log.level=DEBUG" - - "--api.insecure=false" - - "--providers.docker=true" - #- "--api.dashboard=true" - - - "--providers.docker.exposedbydefault=false" - - - "--entrypoints.unsecure.address=:80" - - "--entrypoints.web.address=:443" - # Global HTTP -> HTTPS - - "--entrypoints.unsecure.http.redirections.entryPoint.to=web" - - "--entrypoints.unsecure.http.redirections.entryPoint.scheme=https" - # SSL configuration - - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true" - - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=unsecure" - - "--certificatesresolvers.letsencrypt.acme.email=${registerEmailAdress}" - - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json" - - labels: - - "traefik.enable=true" - - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)" - - "traefik.http.routers.http-catchall.entrypoints=unsecure" - - "traefik.http.routers.http-catchall.middlewares=redirect-to-https@docker" - - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https" - - - "traefik.http.routers.traefik-odc.rule=Host(`traefik.${PUBLIC_URL}`)" - - "traefik.http.routers.traefik-odc.entrypoints=web" - - "traefik.http.routers.traefik-odc.tls.certresolver=letsencrypt" - - "traefik.http.routers.traefik-odc.service=api@internal" - - "traefik.http.routers.traefik-odc.middlewares=traefik-auth" - - "traefik.http.middlewares.traefik-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/" # test:test - - - - ports: - - "80:80" - - "443:443" - volumes: - - "/var/run/docker.sock:/var/run/docker.sock:ro" - - ./data/letsencrypt:/letsencrypt - - 
./tools/traefik/config.yml:/etc/traefik/dynamic_conf/conf.yml:ro - - #Here is the ODC app - app-odc: - <<: *odc_app - depends_on: - db-odc: - condition: service_healthy - healthcheck: - test: [ "CMD", "curl", "-s", "-f", "-i", "http://localhost:80/health/check" ] - interval: 20s - timeout: 10s - start_period: 30s - retries: 10 - restart: unless-stopped - - environment: - APACHE_DOCUMENT_ROOT: "public/" - PHP_EXTENSION_XDEBUG: "1" - PHP_INI_MEMORY_LIMIT: "1G" - PHP_EXTENSION_LDAP: 1 - PHP_EXTENSION_INTL: 1 - DATABASE_URL: mysql://odc:${ODC_DB_PW}@${RANDOMTAG}db-odc:3306/odc - MAILER_TRANSPORT: smtp - OAUTH_KEYCLOAK_CLIENT_ID: opendatenschutzcenter - OAUTH_KEYCLOAK_CLIENT_SECRET: ${OAUTH_KEYCLOAK_CLIENT_SECRET} - OAUTH_KEYCLOAK_SERVER: ${HTTP_METHOD}://${PUBLIC_URL}/keycloak - OAUTH_KEYCLOAK_REALM: opendatenschutzcenter - MAILER_DSN: ${MAILER_DSN} - MAILER_HOST: ${MAILER_HOST} - MAILER_PORT: ${MAILER_PORT} - MAILER_PASSWORD: ${MAILER_PASSWORD} - MAILER_USERNAME: ${MAILER_USERNAME} - MAILER_ENCRYPTION: ${MAILER_ENC} - laF_version: ${GIT_VERSION} - registerEmailAdress: ${registerEmailAdress} - DEFAULT_EMAIL: ${registerEmailAdress} - laF_baseUrl: ${HTTP_METHOD}://${PUBLIC_URL} - VICH_BASE: ${HTTP_METHOD}://${PUBLIC_URL} - CRON_USER_1: docker - CRON_SCHEDULE_1: "* * * * *" - CRON_COMMAND_1: "php /var/www/html/bin/console cron:run" - - labels: - - "traefik.enable=true" - - "traefik.http.routers.app-odc.tls=true" - - "traefik.http.routers.app-odc.rule=Host(`${PUBLIC_URL}`)" - - "traefik.http.routers.app-odc.entrypoints=web" - - "traefik.http.services.app-odc.loadbalancer.server.port=80" - - "traefik.http.routers.app-odc.tls.certresolver=letsencrypt" - - "traefik.http.services.app-odc.loadbalancer.sticky=true" - - "traefik.http.services.app-odc.loadbalancer.sticky.cookie.name=odc" - - "traefik.http.services.app-odc.loadbalancer.sticky.cookie.secure=true" - volumes: - - datenschutzcenter_uploads:/var/www/html/public/uploads:rw - - 
datenschutzcenter_secret_storage:/var/www/html/secretStorage:rw - - datenschutzcenter_data:/var/www/html/public/data:rw - - $PWD/dockerupdate.sh:/etc/container/startup.sh - - - db-odc: - image: mariadb:latest - hostname: ${RANDOMTAG}db-odc - healthcheck: - test: [ "CMD", "mariadb-admin" ,"ping", "-h", "localhost","-ptest" ] - timeout: 20s - retries: 10 - restart: unless-stopped - environment: - MARIADB_ROOT_PASSWORD: test - volumes: - - mariadb:/var/lib/mysql - - ./docker-entrypoint-initdb.d:/docker-entrypoint-initdb.d - - keycloak-odc: - image: quay.io/keycloak/keycloak:22.0.3 - depends_on: - app-odc: - condition: service_healthy - environment: - KEYCLOAK_ADMIN: admin - KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PW} - KC_DB: mariadb - KC_DB_PASSWORD: ${KEYCLOAK_PW} - KC_DB_URL: jdbc:mariadb://${RANDOMTAG}db-odc:3306/keycloak - KC_DB_USERNAME: keycloak - KC_HOSTNAME_URL: ${HTTP_METHOD}://${PUBLIC_URL}/keycloak - KC_HOSTNAME_PATH: ${HTTP_METHOD}://${PUBLIC_URL}/keycloak - KC_HOSTNAME_ADMIN_URL: ${HTTP_METHOD}://${PUBLIC_URL}/keycloak - KC_HTTP_RELATIVE_PATH: /keycloak - KC_PROXY: passthrough - - command: - - start-dev - - --import-realm - labels: - - "traefik.enable=true" - - "traefik.http.routers.keycloak-odc.tls=true" - - "traefik.http.routers.keycloak-odc.rule=Host(`${PUBLIC_URL}`) && PathPrefix(`/keycloak`)" - - "traefik.http.routers.keycloak-odc.entrypoints=web" - - "traefik.http.services.keycloak-odc.loadbalancer.server.port=8080" - - "traefik.http.routers.keycloak-odc.tls.certresolver=letsencrypt" - - volumes: - - ./keycloak/:/opt/keycloak/data/import - - -volumes: - mariadb: - image_upload: - datenschutzcenter_uploads: - datenschutzcenter_data: - datenschutzcenter_secret_storage: \ No newline at end of file diff --git a/docker-entrypoint-initdb.d/init-userdb.sql b/docker-entrypoint-initdb.d/init-userdb.sql deleted file mode 100644 index 5b611682..00000000 --- a/docker-entrypoint-initdb.d/init-userdb.sql +++ /dev/null 
@@ -1,7 +0,0 @@ -CREATE USER 'odc'@'%' IDENTIFIED BY ''; -CREATE DATABASE odc; -GRANT ALL PRIVILEGES ON odc.* TO 'odc'@'%'; -CREATE USER 'keycloak'@'%' IDENTIFIED BY ''; -CREATE DATABASE keycloak; -GRANT ALL PRIVILEGES ON keycloak.* TO 'keycloak'@'%'; -FLUSH PRIVILEGES; \ No newline at end of file diff --git a/dockerupdate.sh b/dockerupdate.sh deleted file mode 100755 index 71b267c1..00000000 --- a/dockerupdate.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/usr/bin/env bash -echo --------------Shutdown Apache------------------------------------------ -#service apache2 stop - -APP=/var/www/html -echo -------------------------------------------------------------------------- -echo ----------------Create Database------------------------------------------- -echo ----------------Please Backup your database------------------------------- -echo -------------------------------------------------------------------------- -php $APP/bin/console cache:clear -php $APP/bin/console doctrine:mig:mig --no-interaction -#php bin/console doctrine:migrations:migrate --no-interaction -echo -------------------------------------------------------------------------- -echo -----------------Clear Cache---------------------------------------------- -echo -------------------------------------------------------------------------- -php $APP/bin/console cache:clear -php $APP/bin/console cache:warmup -echo -------------------------------------------------------------------------- -echo -----------------------Updated the Jitsi-Admin correct------------------ -echo -------------------------------------------------------------------------- diff --git a/installDockerDebian.sh b/installDockerDebian.sh deleted file mode 100755 index cafba74b..00000000 --- a/installDockerDebian.sh +++ /dev/null 
@@ -1,25 +0,0 @@ -#! /bin/bash - -sudo apt-get remove docker docker-engine docker.io containerd runc -y - -sudo apt-get update -sudo apt-get upgrade -y -sudo apt-get install ca-certificates curl gnupg wget -y - -sudo install -m 0755 -d /etc/apt/keyrings -curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg -sudo chmod a+r /etc/apt/keyrings/docker.gpg - -echo \ - "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \ - "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \ - sudo tee /etc/apt/sources.list.d/docker.list > /dev/null - -sudo apt-get update -sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin -y - -sudo wget https://github.com/docker/compose/releases/download/v2.29.1/docker-compose-linux-x86_64 -O /usr/local/bin/docker-compose -sudo chmod +x /usr/local/bin/docker-compose -docker-compose -v - -sudo bash ./installOdcDocker.sh diff --git a/installDockerUbuntu.sh b/installDockerUbuntu.sh deleted file mode 100755 index 0a35ba90..00000000 --- a/installDockerUbuntu.sh +++ /dev/null 
@@ -1,24 +0,0 @@ -#! /bin/bash - -sudo apt-get remove docker docker-engine docker.io containerd runc - -sudo apt-get update -sudo apt-get install ca-certificates curl gnupg - -sudo install -m 0755 -d /etc/apt/keyrings -curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg -sudo chmod a+r /etc/apt/keyrings/docker.gpg - -echo \ - "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \ - "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \ - sudo tee /etc/apt/sources.list.d/docker.list > /dev/null - -sudo apt-get update -sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin - -sudo wget https://github.com/docker/compose/releases/download/v2.29.1/docker-compose-linux-x86_64 -O /usr/local/bin/docker-compose -sudo chmod +x /usr/local/bin/docker-compose -docker-compose -v - -sudo bash ./installOdcDocker.sh diff --git a/installOdcDocker.sh b/installOdcDocker.sh deleted file mode 100755 index 9b236ca8..00000000 --- a/installOdcDocker.sh +++ /dev/null 
@@ -1,143 +0,0 @@ -#! /bin/bash - -echo Welcome to the installer: -FILE=docker.conf -if [ -f "$FILE" ]; then - source $FILE -else - touch $FILE - KEYCLOAK_PW=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1) - ODC_DB_PW=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1) - KEYCLOAK_ADMIN_PW=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1) - NEW_UUID=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1) - echo "KEYCLOAK_PW=$KEYCLOAK_PW" >> $FILE - echo "KEYCLOAK_ADMIN_PW=$KEYCLOAK_ADMIN_PW" >> $FILE - echo "NEW_UUID=$NEW_UUID" >> $FILE - echo "ODC_DB_PW=$ODC_DB_PW" >> $FILE - source $FILE -fi - ENVIRONMENT=${ENVIRONMENT:=prod} - read -p "Enter the environment dev/prod[$ENVIRONMENT]: " input - ENVIRONMENT=${input:=$ENVIRONMENT} - sed -i '/ENVIRONMENT/d' $FILE - echo "ENVIRONMENT=$ENVIRONMENT" >> $FILE - - HTTP_METHOD=${HTTP_METHOD:=https} - read -p "Enter http/https for testing on local environment ALWAYS use http [$HTTP_METHOD]: " input - HTTP_METHOD=${input:=$HTTP_METHOD} - sed -i '/HTTP_METHOD/d' $FILE - echo "HTTP_METHOD=$HTTP_METHOD" >> $FILE - - PUBLIC_URL=${PUBLIC_URL:=dev.domain.de} - read -p "Enter the url you want to enter the open-datenschutzcenter without http://, https:// or ports [$PUBLIC_URL]: " input - PUBLIC_URL=${input:=$PUBLIC_URL} - sed -i '/PUBLIC_URL/d' $FILE - echo "PUBLIC_URL=$PUBLIC_URL" >> $FILE - - echo -------------------------------------------------------------------------- - echo -----------------We looking for all the other parameters------------------- - echo -------------------------------------------------------------------------- - echo ------------------------------------------------------------- - echo -----------------Mailer-------------------------------------- - echo ------------------------------------------------------------- - smtpHost=${smtpHost:=localhost} - read -p "Enter smtp host: [$smtpHost]" input - smtpHost=${input:=$smtpHost} - sed -i '/smtpHost/d' $FILE - 
echo "smtpHost=$smtpHost" >> $FILE - - smtpPort=${smtpPort:=587} - read -p "Enter smtp port [$smtpPort]: " input - smtpPort=${input:=$smtpPort} - sed -i '/smtpPort/d' $FILE - echo "smtpPort=$smtpPort" >> $FILE - - smtpUsername=${smtpUsername:=username} - read -p "Enter smtp username [$smtpUsername]: " input - smtpUsername=${input:=$smtpUsername} - sed -i '/smtpUsername/d' $FILE - echo "smtpUsername=$smtpUsername" >> $FILE - - - smtpPassword=${smtpPassword:=password} - read -p "Enter smtp password [$smtpPassword]: " input - smtpPassword=${input:=$smtpPassword} - sed -i '/smtpPassword/d' $FILE - echo "smtpPassword=$smtpPassword" >> $FILE - - - smtpEncryption=${smtpEncryption:=none} - read -p "Enter SMTP encrytion tls/ssl/none: [$smtpEncryption]" input - smtpEncryption=${input:=$smtpEncryption} - sed -i '/smtpEncryption/d' $FILE - echo "smtpEncryption=$smtpEncryption" >> $FILE - - smtpFrom=${smtpFrom:=test@local.de} - read -p "Enter smtp FROM mail:[$smtpFrom] " input - smtpFrom=${input:=$smtpFrom} - sed -i '/smtpFrom/d' $FILE - echo "smtpFrom=$smtpFrom" >> $FILE - - echo ------------------------------------------------------------- - echo -----------------we build the KEycloak----------------------- - echo ------------------------------------------------------------- -sed -i "s||$NEW_UUID|g" keycloak/realm-export.json -sed -i "s||$HTTP_METHOD://$PUBLIC_URL|g" keycloak/realm-export.json - -sed -i "s||$smtpPassword|g" keycloak/realm-export.json -sed -i "s||$smtpPort|g" keycloak/realm-export.json -sed -i "s||$smtpHost|g" keycloak/realm-export.json -sed -i "s||$smtpFrom|g" keycloak/realm-export.json -sed -i "s||$smtpUsername|g" keycloak/realm-export.json - -if [ "$smtpEncryption" == 'tls' ]; then - sed -i "s||\"starttls\": \"true\",|g" keycloak/realm-export.json -elif [ "$smtpEncryption" == 'ssl' ]; then - sed -i "s|| \"ssl\": \"true\",|g" keycloak/realm-export.json - else - sed -i "s|| \"ssl\": \"false\",\n\"starttls\": \"false\",|g" keycloak/realm-export.json -fi - - 
echo ------------------------------------------------------------- - echo -----------------we build the Database----------------------- - echo ------------------------------------------------------------- -sed -i "s||$ODC_DB_PW|g" docker-entrypoint-initdb.d/init-userdb.sql -sed -i "s||$KEYCLOAK_PW|g" docker-entrypoint-initdb.d/init-userdb.sql - - -export MAILER_DSN=smtp://$smtpUsername:$smtpPassword@$smtpHost:$smtpPort -export MAILER_HOST=$smtpHost -export MAILER_PORT=$smtpPort -export MAILER_PASSWORD=$smtpPassword -export MAILER_USERNAME=$smtpUsername -export MAILER_ENC=$smtpEncryption -export laF_baseUrl=$HTTP_METHOD://$PUBLIC_URL - -export GIT_VERSION=$(git rev-parse --short=5 HEAD) -export PUBLIC_URL=$PUBLIC_URL -export OAUTH_KEYCLOAK_CLIENT_SECRET=$NEW_UUID -export HTTP_METHOD=$HTTP_METHOD -export KEYCLOAK_PW=$KEYCLOAK_PW -export ODC_DB_PW=$ODC_DB_PW -export KEYCLOAK_ADMIN_PW=$KEYCLOAK_ADMIN_PW -export registerEmailAdress=$smtpFrom -RANDOMTAG=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 10 | head -n 1); -export RANDOMTAG - -if [ "$ENVIRONMENT" == 'dev' ]; then - docker-compose -f docker-compose.test.yml build - docker-compose -f docker-compose.test.yml up -d -elif [ "$ENVIRONMENT" == 'cluster' ]; then - docker-compose -f docker-compose.cluster.yml build - docker-compose -f docker-compose.cluster.yml up -d -else - docker-compose -f docker-compose.yml build - docker-compose -f docker-compose.yml up -d -fi -RED='\033[0;31m' -NC='\033[0m' # No Color -printf "Browse to ${RED}%s://%s${NC} and visit your own open-datenschutzcenter\n" $HTTP_METHOD $PUBLIC_URL -printf "To change any keycloak setting browse to${RED} %s://%s${NC}/keycloak and there the username is:admin and the password %s\n" $HTTP_METHOD $PUBLIC_URL $KEYCLOAK_ADMIN_PW -printf "Any settings and password can be found in the ${RED}docker.conf${NC} file\n" -printf "To find your loadbalancer go to ${RED}%s://traefik.%s${NC} and enter the user:test and the password:test\n" $HTTP_METHOD $PUBLIC_URL 
-printf "Have fun with your open-datenschutzcenter and give us a star on github. https://github.com/H2-invent/open-datenschutzcenter/\n" diff --git a/keycloak/opendatenschutzcenter-realm.json b/keycloak/opendatenschutzcenter-realm.json deleted file mode 100644 index 531f3ebc..00000000 --- a/keycloak/opendatenschutzcenter-realm.json +++ /dev/null 
@@ -1,1883 +0,0 @@ -{ - "id" : "opendatenschutzcenter", - "realm" : "opendatenschutzcenter", - "notBefore" : 0, - "defaultSignatureAlgorithm" : "RS256", - "revokeRefreshToken" : false, - "refreshTokenMaxReuse" : 0, - "accessTokenLifespan" : 300, - "accessTokenLifespanForImplicitFlow" : 900, - "ssoSessionIdleTimeout" : 1800, - "ssoSessionMaxLifespan" : 36000, - "ssoSessionIdleTimeoutRememberMe" : 0, - "ssoSessionMaxLifespanRememberMe" : 0, - "offlineSessionIdleTimeout" : 2592000, - "offlineSessionMaxLifespanEnabled" : false, - "offlineSessionMaxLifespan" : 5184000, - "clientSessionIdleTimeout" : 0, - "clientSessionMaxLifespan" : 0, - "clientOfflineSessionIdleTimeout" : 0, - "clientOfflineSessionMaxLifespan" : 0, - "accessCodeLifespan" : 60, - "accessCodeLifespanUserAction" : 300, - "accessCodeLifespanLogin" : 1800, - "actionTokenGeneratedByAdminLifespan" : 43200, - "actionTokenGeneratedByUserLifespan" : 300, - "oauth2DeviceCodeLifespan" : 600, - "oauth2DevicePollingInterval" : 5, - "enabled" : true, - "sslRequired" : "external", - "registrationAllowed" : true, - "registrationEmailAsUsername" : true, - "rememberMe" : true, - "verifyEmail" : false, - "loginWithEmailAllowed" : true, - "duplicateEmailsAllowed" : false, - "resetPasswordAllowed" : true, - "editUsernameAllowed" : false, - "bruteForceProtected" : false, - "permanentLockout" : false, - "maxFailureWaitSeconds" : 900, - "minimumQuickLoginWaitSeconds" : 60, - "waitIncrementSeconds" : 60, - "quickLoginCheckMilliSeconds" : 1000, - "maxDeltaTimeSeconds" : 43200, - "failureFactor" : 30, - "roles" : { - "realm" : [ { - "id" : "1e39316e-9362-40fd-b36e-98cdbaa88206", - "name" : "default-roles-opendatenschutzcenter", - "description" : "${role_default-roles}", - "composite" : true, - "composites" : { - "realm" : [ "offline_access", "uma_authorization" ], - "client" : { - "opendatenschutzcenter" : [ "uma_protection", "odc-super-admin" ], - "account" : [ "view-profile", "manage-account" ] - } - }, - "clientRole" : false, 
- "containerId" : "opendatenschutzcenter", - "attributes" : { } - }, { - "id" : "b5758b7c-d11f-488b-89ed-11acd496b5a3", - "name" : "uma_authorization", - "description" : "${role_uma_authorization}", - "composite" : false, - "clientRole" : false, - "containerId" : "opendatenschutzcenter", - "attributes" : { } - }, { - "id" : "abed3730-b96d-43fa-a01a-a9b6de82386c", - "name" : "offline_access", - "description" : "${role_offline-access}", - "composite" : false, - "clientRole" : false, - "containerId" : "opendatenschutzcenter", - "attributes" : { } - } ], - "client" : { - "opendatenschutzcenter" : [ { - "id" : "2cc14124-40db-418c-8343-625d5171671e", - "name" : "uma_protection", - "composite" : false, - "clientRole" : true, - "containerId" : "e0d7a685-a075-4834-a6ca-cb40d734f4af", - "attributes" : { } - }, { - "id" : "b0ae121e-dd3e-473a-bde5-b54d390bb984", - "name" : "odc-super-admin", - "description" : "", - "composite" : false, - "clientRole" : true, - "containerId" : "e0d7a685-a075-4834-a6ca-cb40d734f4af", - "attributes" : { } - } ], - "realm-management" : [ { - "id" : "38d7208c-fb9b-4df7-a424-41724e3429a9", - "name" : "view-realm", - "description" : "${role_view-realm}", - "composite" : false, - "clientRole" : true, - "containerId" : "cc776261-d979-4bc0-ac55-758f7d7c6d25", - "attributes" : { } - }, { - "id" : "5478251e-264f-4eb8-8cd0-2e53c044654e", - "name" : "create-client", - "description" : "${role_create-client}", - "composite" : false, - "clientRole" : true, - "containerId" : "cc776261-d979-4bc0-ac55-758f7d7c6d25", - "attributes" : { } - }, { - "id" : "bf17a3ce-ed84-4395-8955-b73e37f29d05", - "name" : "query-groups", - "description" : "${role_query-groups}", - "composite" : false, - "clientRole" : true, - "containerId" : "cc776261-d979-4bc0-ac55-758f7d7c6d25", - "attributes" : { } - }, { - "id" : "e50dffff-9e6c-432a-bbea-cf041fab6f2f", - "name" : "query-realms", - "description" : "${role_query-realms}", - "composite" : false, - "clientRole" : true, - 
"containerId" : "cc776261-d979-4bc0-ac55-758f7d7c6d25", - "attributes" : { } - }, { - "id" : "044225f4-3e61-449a-a3a8-97ac3f85f266", - "name" : "view-clients", - "description" : "${role_view-clients}", - "composite" : true, - "composites" : { - "client" : { - "realm-management" : [ "query-clients" ] - } - }, - "clientRole" : true, - "containerId" : "cc776261-d979-4bc0-ac55-758f7d7c6d25", - "attributes" : { } - }, { - "id" : "8a0c305f-29f9-4466-96c5-4d2490b496fa", - "name" : "manage-realm", - "description" : "${role_manage-realm}", - "composite" : false, - "clientRole" : true, - "containerId" : "cc776261-d979-4bc0-ac55-758f7d7c6d25", - "attributes" : { } - }, { - "id" : "763c2817-554d-4cc6-b6f0-7c70db458c6f", - "name" : "manage-identity-providers", - "description" : "${role_manage-identity-providers}", - "composite" : false, - "clientRole" : true, - "containerId" : "cc776261-d979-4bc0-ac55-758f7d7c6d25", - "attributes" : { } - }, { - "id" : "e85936e0-da6a-48fe-bce8-a4b2ec065c6a", - "name" : "view-authorization", - "description" : "${role_view-authorization}", - "composite" : false, - "clientRole" : true, - "containerId" : "cc776261-d979-4bc0-ac55-758f7d7c6d25", - "attributes" : { } - }, { - "id" : "1672e14d-d431-4166-9463-17d71bb79997", - "name" : "view-identity-providers", - "description" : "${role_view-identity-providers}", - "composite" : false, - "clientRole" : true, - "containerId" : "cc776261-d979-4bc0-ac55-758f7d7c6d25", - "attributes" : { } - }, { - "id" : "aac81c3d-dfbd-4220-8abc-16744384d1ce", - "name" : "manage-clients", - "description" : "${role_manage-clients}", - "composite" : false, - "clientRole" : true, - "containerId" : "cc776261-d979-4bc0-ac55-758f7d7c6d25", - "attributes" : { } - }, { - "id" : "79669483-b6a7-4b05-a9d8-20c3dba7bc3a", - "name" : "query-clients", - "description" : "${role_query-clients}", - "composite" : false, - "clientRole" : true, - "containerId" : "cc776261-d979-4bc0-ac55-758f7d7c6d25", - "attributes" : { } - }, { - "id" : 
"34236bf4-7681-4fc8-984e-f1a248025a41", - "name" : "view-events", - "description" : "${role_view-events}", - "composite" : false, - "clientRole" : true, - "containerId" : "cc776261-d979-4bc0-ac55-758f7d7c6d25", - "attributes" : { } - }, { - "id" : "df5c1e5d-dc53-4a15-bd4b-742b02305acd", - "name" : "manage-users", - "description" : "${role_manage-users}", - "composite" : false, - "clientRole" : true, - "containerId" : "cc776261-d979-4bc0-ac55-758f7d7c6d25", - "attributes" : { } - }, { - "id" : "4aa69096-01bb-4ae2-8d80-7481e2c2f6ca", - "name" : "query-users", - "description" : "${role_query-users}", - "composite" : false, - "clientRole" : true, - "containerId" : "cc776261-d979-4bc0-ac55-758f7d7c6d25", - "attributes" : { } - }, { - "id" : "53a73235-04b2-4db8-a686-49c8baf716a4", - "name" : "impersonation", - "description" : "${role_impersonation}", - "composite" : false, - "clientRole" : true, - "containerId" : "cc776261-d979-4bc0-ac55-758f7d7c6d25", - "attributes" : { } - }, { - "id" : "5f306975-1694-465b-823f-51557a183fd8", - "name" : "realm-admin", - "description" : "${role_realm-admin}", - "composite" : true, - "composites" : { - "client" : { - "realm-management" : [ "view-realm", "create-client", "query-groups", "view-clients", "query-realms", "manage-realm", "manage-identity-providers", "view-authorization", "view-identity-providers", "view-events", "query-clients", "manage-clients", "manage-users", "query-users", "impersonation", "manage-authorization", "manage-events", "view-users" ] - } - }, - "clientRole" : true, - "containerId" : "cc776261-d979-4bc0-ac55-758f7d7c6d25", - "attributes" : { } - }, { - "id" : "79bd5266-7e33-4883-876f-35767980453b", - "name" : "manage-authorization", - "description" : "${role_manage-authorization}", - "composite" : false, - "clientRole" : true, - "containerId" : "cc776261-d979-4bc0-ac55-758f7d7c6d25", - "attributes" : { } - }, { - "id" : "29daccc2-5362-449b-8da1-5c7609e77d25", - "name" : "manage-events", - "description" : 
"${role_manage-events}", - "composite" : false, - "clientRole" : true, - "containerId" : "cc776261-d979-4bc0-ac55-758f7d7c6d25", - "attributes" : { } - }, { - "id" : "b915a638-f8c4-4950-be07-852d34ab4169", - "name" : "view-users", - "description" : "${role_view-users}", - "composite" : true, - "composites" : { - "client" : { - "realm-management" : [ "query-groups", "query-users" ] - } - }, - "clientRole" : true, - "containerId" : "cc776261-d979-4bc0-ac55-758f7d7c6d25", - "attributes" : { } - } ], - "security-admin-console" : [ ], - "admin-cli" : [ ], - "account-console" : [ ], - "broker" : [ { - "id" : "359ce66a-2b57-4c14-9e13-099e101b2b6a", - "name" : "read-token", - "description" : "${role_read-token}", - "composite" : false, - "clientRole" : true, - "containerId" : "4a5b0cfb-560f-410f-98ce-85371bc14188", - "attributes" : { } - } ], - "account" : [ { - "id" : "74fd6684-2ee1-4ea9-adc9-58736b395f10", - "name" : "view-profile", - "description" : "${role_view-profile}", - "composite" : false, - "clientRole" : true, - "containerId" : "170f55bf-4418-47f9-a248-4010687f6214", - "attributes" : { } - }, { - "id" : "5399f61d-a67d-40b9-9958-8dc4df28caee", - "name" : "view-applications", - "description" : "${role_view-applications}", - "composite" : false, - "clientRole" : true, - "containerId" : "170f55bf-4418-47f9-a248-4010687f6214", - "attributes" : { } - }, { - "id" : "4ed60b11-a624-493f-b92a-9db11af4c553", - "name" : "view-groups", - "description" : "${role_view-groups}", - "composite" : false, - "clientRole" : true, - "containerId" : "170f55bf-4418-47f9-a248-4010687f6214", - "attributes" : { } - }, { - "id" : "a3c0bcac-750d-477e-9806-72af93de5c2a", - "name" : "manage-consent", - "description" : "${role_manage-consent}", - "composite" : true, - "composites" : { - "client" : { - "account" : [ "view-consent" ] - } - }, - "clientRole" : true, - "containerId" : "170f55bf-4418-47f9-a248-4010687f6214", - "attributes" : { } - }, { - "id" : 
"10e9cb15-37b9-4825-830f-3329d81b0421", - "name" : "delete-account", - "description" : "${role_delete-account}", - "composite" : false, - "clientRole" : true, - "containerId" : "170f55bf-4418-47f9-a248-4010687f6214", - "attributes" : { } - }, { - "id" : "dc93a52d-30bd-48df-b303-56a83fe72bca", - "name" : "manage-account-links", - "description" : "${role_manage-account-links}", - "composite" : false, - "clientRole" : true, - "containerId" : "170f55bf-4418-47f9-a248-4010687f6214", - "attributes" : { } - }, { - "id" : "e0f3ee32-5e3a-46c7-bbf1-5df3dee4cf0f", - "name" : "manage-account", - "description" : "${role_manage-account}", - "composite" : true, - "composites" : { - "client" : { - "account" : [ "manage-account-links" ] - } - }, - "clientRole" : true, - "containerId" : "170f55bf-4418-47f9-a248-4010687f6214", - "attributes" : { } - }, { - "id" : "fa19b2a4-60e0-4f6f-8738-9b1c8da777c7", - "name" : "view-consent", - "description" : "${role_view-consent}", - "composite" : false, - "clientRole" : true, - "containerId" : "170f55bf-4418-47f9-a248-4010687f6214", - "attributes" : { } - } ] - } - }, - "groups" : [ { - "id" : "ff65e179-38ca-4ca7-a244-ef80b160e3df", - "name" : "all", - "path" : "/all", - "attributes" : { }, - "realmRoles" : [ ], - "clientRoles" : { }, - "subGroups" : [ ] - } ], - "defaultRole" : { - "id" : "1e39316e-9362-40fd-b36e-98cdbaa88206", - "name" : "default-roles-opendatenschutzcenter", - "description" : "${role_default-roles}", - "composite" : true, - "clientRole" : false, - "containerId" : "opendatenschutzcenter" - }, - "defaultGroups" : [ "/all" ], - "requiredCredentials" : [ "password" ], - "otpPolicyType" : "totp", - "otpPolicyAlgorithm" : "HmacSHA1", - "otpPolicyInitialCounter" : 0, - "otpPolicyDigits" : 6, - "otpPolicyLookAheadWindow" : 1, - "otpPolicyPeriod" : 30, - "otpPolicyCodeReusable" : false, - "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName", "totpAppMicrosoftAuthenticatorName" ], - "webAuthnPolicyRpEntityName" : 
"keycloak", - "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], - "webAuthnPolicyRpId" : "", - "webAuthnPolicyAttestationConveyancePreference" : "not specified", - "webAuthnPolicyAuthenticatorAttachment" : "not specified", - "webAuthnPolicyRequireResidentKey" : "not specified", - "webAuthnPolicyUserVerificationRequirement" : "not specified", - "webAuthnPolicyCreateTimeout" : 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, - "webAuthnPolicyAcceptableAaguids" : [ ], - "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], - "webAuthnPolicyPasswordlessRpId" : "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", - "webAuthnPolicyPasswordlessCreateTimeout" : 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, - "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], - "scopeMappings" : [ { - "clientScope" : "offline_access", - "roles" : [ "offline_access" ] - } ], - "clientScopeMappings" : { - "account" : [ { - "client" : "account-console", - "roles" : [ "manage-account", "view-groups" ] - } ] - }, - "clients" : [ { - "id" : "170f55bf-4418-47f9-a248-4010687f6214", - "clientId" : "account", - "name" : "${client_account}", - "rootUrl" : "${authBaseUrl}", - "baseUrl" : "/realms/opendatenschutzcenter/account/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "/realms/opendatenschutzcenter/account/*" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : 
false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "post.logout.redirect.uris" : "+" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ ], - "optionalClientScopes" : [ ] - }, { - "id" : "43a8c6a3-475d-4dd6-8f11-03a955ebe93e", - "clientId" : "account-console", - "name" : "${client_account-console}", - "rootUrl" : "${authBaseUrl}", - "baseUrl" : "/realms/opendatenschutzcenter/account/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "/realms/opendatenschutzcenter/account/*" ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "post.logout.redirect.uris" : "+", - "pkce.code.challenge.method" : "S256" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { - "id" : "0eae0606-9ec8-425a-82f6-297b63b7cf45", - "name" : "audience resolve", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-audience-resolve-mapper", - "consentRequired" : false, - "config" : { } - } ], - "defaultClientScopes" : [ ], - "optionalClientScopes" : [ ] - }, { - "id" : "0cb22b97-aa3f-4d34-88f9-3a7677ffe2d7", - "clientId" : "admin-cli", - "name" : "${client_admin-cli}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : 
false, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : true, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "post.logout.redirect.uris" : "+" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ ], - "optionalClientScopes" : [ ] - }, { - "id" : "4a5b0cfb-560f-410f-98ce-85371bc14188", - "clientId" : "broker", - "name" : "${client_broker}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : true, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "post.logout.redirect.uris" : "+" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ ], - "optionalClientScopes" : [ ] - }, { - "id" : "e0d7a685-a075-4834-a6ca-cb40d734f4af", - "clientId" : "opendatenschutzcenter", - "name" : "", - "description" : "", - "rootUrl" : "http://localhost:8000", - "adminUrl" : "http://localhost:8000", - "baseUrl" : "", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "secret" : "YBpDk2g9Jacdvq6CHvtgIfUi87OoAI31", - "redirectUris" : [ "http://localhost:8000/*" ], - "webOrigins" : [ "http://localhost:8000" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : true, - "serviceAccountsEnabled" : true, - 
"authorizationServicesEnabled" : true, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "saml.force.post.binding" : "false", - "saml.multivalued.roles" : "false", - "post.logout.redirect.uris" : "+", - "oauth2.device.authorization.grant.enabled" : "false", - "backchannel.logout.revoke.offline.tokens" : "false", - "saml.server.signature.keyinfo.ext" : "false", - "use.refresh.tokens" : "true", - "oidc.ciba.grant.enabled" : "false", - "backchannel.logout.session.required" : "true", - "client_credentials.use_refresh_token" : "false", - "require.pushed.authorization.requests" : "false", - "saml.client.signature" : "false", - "id.token.as.detached.signature" : "false", - "saml.assertion.signature" : "false", - "saml.encrypt" : "false", - "saml.server.signature" : "false", - "exclude.session.state.from.auth.response" : "false", - "saml.artifact.binding" : "false", - "saml_force_name_id_format" : "false", - "tls.client.certificate.bound.access.tokens" : "false", - "acr.loa.map" : "{}", - "saml.authnstatement" : "false", - "display.on.consent.screen" : "false", - "token.response.type.bearer.lower-case" : "false", - "saml.onetimeuse.condition" : "false" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "protocolMappers" : [ { - "id" : "bb473a9a-7933-413f-ae10-e8bbae9419ab", - "name" : "Client ID", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "client_id", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "client_id", - "jsonType.label" : "String" - } - }, { - "id" : "cbe7355e-b032-4878-b0e8-c35d0210d7fc", - "name" : "Client Host", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "clientHost", - 
"id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "clientHost", - "jsonType.label" : "String" - } - }, { - "id" : "0cc67f74-b265-4f99-a970-372509263d1d", - "name" : "client roles", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-client-role-mapper", - "consentRequired" : false, - "config" : { - "multivalued" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "foo", - "id.token.claim" : "false", - "access.token.claim" : "true", - "claim.name" : "resource_access.${client_id}.roles", - "jsonType.label" : "String", - "usermodel.clientRoleMapping.clientId" : "opendatenschutzcenter" - } - }, { - "id" : "78b1be70-6c65-4db5-9ddd-5f50ce9c05a8", - "name" : "Client IP Address", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usersessionmodel-note-mapper", - "consentRequired" : false, - "config" : { - "user.session.note" : "clientAddress", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "clientAddress", - "jsonType.label" : "String" - } - } ], - "defaultClientScopes" : [ "web-origins", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] - }, { - "id" : "cc776261-d979-4bc0-ac55-758f7d7c6d25", - "clientId" : "realm-management", - "name" : "${client_realm-management}", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : true, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "post.logout.redirect.uris" : "+" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" 
: 0, - "defaultClientScopes" : [ ], - "optionalClientScopes" : [ ] - }, { - "id" : "779d8bf9-8e3b-4e00-8b44-079a4b5c27b9", - "clientId" : "security-admin-console", - "name" : "${client_security-admin-console}", - "rootUrl" : "${authAdminUrl}", - "baseUrl" : "/admin/opendatenschutzcenter/console/", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "/admin/opendatenschutzcenter/console/*" ], - "webOrigins" : [ "+" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : true, - "frontchannelLogout" : false, - "protocol" : "openid-connect", - "attributes" : { - "post.logout.redirect.uris" : "+", - "pkce.code.challenge.method" : "S256" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : false, - "nodeReRegistrationTimeout" : 0, - "protocolMappers" : [ { - "id" : "abb12e85-ae2f-4ca7-9e47-c0db54a1c164", - "name" : "locale", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "locale", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "locale", - "jsonType.label" : "String" - } - } ], - "defaultClientScopes" : [ ], - "optionalClientScopes" : [ ] - } ], - "clientScopes" : [ { - "id" : "d1e51b56-4cf7-4648-96a6-03c02b828ee1", - "name" : "web-origins", - "description" : "OpenID Connect scope for add allowed web origins to the access token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "false", - "consent.screen.text" : "" - }, - "protocolMappers" : [ { - "id" : "2ee97b5d-5971-4557-bea6-aae326580504", - "name" : "allowed web origins", - 
"protocol" : "openid-connect", - "protocolMapper" : "oidc-allowed-origins-mapper", - "consentRequired" : false, - "config" : { } - } ] - }, { - "id" : "1377be77-6e7a-404d-92ee-2424a34016c5", - "name" : "offline_access", - "description" : "OpenID Connect built-in scope: offline_access", - "protocol" : "openid-connect", - "attributes" : { - "consent.screen.text" : "${offlineAccessScopeConsentText}", - "display.on.consent.screen" : "true" - } - }, { - "id" : "30ce5b0d-fa54-4497-8e5c-55e17edafc25", - "name" : "microprofile-jwt", - "description" : "Microprofile - JWT built-in scope", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "false" - }, - "protocolMappers" : [ { - "id" : "a3fd6226-f310-4795-a2e2-e082f0867c51", - "name" : "upn", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "upn", - "jsonType.label" : "String" - } - }, { - "id" : "7c1f72fe-ab1a-4544-9e7d-33a76d6b839f", - "name" : "groups", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-realm-role-mapper", - "consentRequired" : false, - "config" : { - "multivalued" : "true", - "userinfo.token.claim" : "true", - "user.attribute" : "foo", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "groups", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "e0f5b044-94b8-4d54-9c21-4b0ee7d146ae", - "name" : "acr", - "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "false" - }, - "protocolMappers" : [ { - "id" : "c78fd3d3-ae71-4493-aae6-a1c3ddd72e51", - "name" : "acr loa level", - "protocol" : 
"openid-connect", - "protocolMapper" : "oidc-acr-mapper", - "consentRequired" : false, - "config" : { - "id.token.claim" : "true", - "access.token.claim" : "true" - } - } ] - }, { - "id" : "cc24231d-19a4-4375-8df4-3afa4e09cc8f", - "name" : "email", - "description" : "OpenID Connect built-in scope: email", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${emailScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "fa56b862-c2f5-4c1e-a6f7-8294be24a9bc", - "name" : "email verified", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "emailVerified", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email_verified", - "jsonType.label" : "boolean" - } - }, { - "id" : "a8638bdd-1652-4319-bfa0-251e133a6278", - "name" : "email", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "email", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "email", - "jsonType.label" : "String" - } - } ] - }, { - "id" : "7d8f1686-2e2d-4bd9-ad19-d5a1fd31ee9f", - "name" : "roles", - "description" : "OpenID Connect scope for add user roles to the access token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "gui.order" : "", - "consent.screen.text" : "${rolesScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "6385b6b7-1363-4532-8cd6-b60c21d260d7", - "name" : "client roles", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-client-role-mapper", - "consentRequired" : false, - "config" : { - "multivalued" : "true", - "userinfo.token.claim" : "true", - 
"user.attribute" : "foo", - "id.token.claim" : "false", - "access.token.claim" : "true", - "claim.name" : "resource_access.${client_id}.roles", - "jsonType.label" : "String" - } - }, { - "id" : "736fe3f8-b7ce-4af6-ac4f-2ef41022cd0e", - "name" : "realm roles", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-realm-role-mapper", - "consentRequired" : false, - "config" : { - "multivalued" : "true", - "userinfo.token.claim" : "false", - "user.attribute" : "foo", - "id.token.claim" : "false", - "access.token.claim" : "true", - "claim.name" : "realm_access.roles", - "jsonType.label" : "String" - } - }, { - "id" : "ea35eb38-2f08-4c4c-a6f8-ee1a148a6bdd", - "name" : "audience resolve", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-audience-resolve-mapper", - "consentRequired" : false, - "config" : { } - } ] - }, { - "id" : "e79f5230-f1fd-42c6-9b66-6e24a255d3df", - "name" : "role_list", - "description" : "SAML role list", - "protocol" : "saml", - "attributes" : { - "consent.screen.text" : "${samlRoleListScopeConsentText}", - "display.on.consent.screen" : "true" - }, - "protocolMappers" : [ { - "id" : "a9d5375c-46be-463a-9893-aa20c91adf40", - "name" : "role list", - "protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", - "consentRequired" : false, - "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" - } - } ] - }, { - "id" : "90b95398-a629-4ad5-b985-d85a61580cc3", - "name" : "phone", - "description" : "OpenID Connect built-in scope: phone", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${phoneScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "9fd40c6d-260b-4a19-bcd1-e73b145dfb2d", - "name" : "phone number", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : 
"true", - "user.attribute" : "phoneNumber", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "phone_number", - "jsonType.label" : "String" - } - }, { - "id" : "1a550077-2a56-4985-aa90-df56b4ac3588", - "name" : "phone number verified", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "phoneNumberVerified", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "phone_number_verified", - "jsonType.label" : "boolean" - } - } ] - }, { - "id" : "eb03e9fa-ff70-42ec-a3ea-eb379638d14a", - "name" : "address", - "description" : "OpenID Connect built-in scope: address", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${addressScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "1fcb2b05-6983-4398-9261-983e0cce9c16", - "name" : "address", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-address-mapper", - "consentRequired" : false, - "config" : { - "user.attribute.formatted" : "formatted", - "user.attribute.country" : "country", - "user.attribute.postal_code" : "postal_code", - "userinfo.token.claim" : "true", - "user.attribute.street" : "street", - "id.token.claim" : "true", - "user.attribute.region" : "region", - "access.token.claim" : "true", - "user.attribute.locality" : "locality" - } - } ] - }, { - "id" : "9d9c21a1-0e86-4e5f-9d4e-bdd6b6cec8ab", - "name" : "profile", - "description" : "OpenID Connect built-in scope: profile", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${profileScopeConsentText}" - }, - "protocolMappers" : [ { - "id" : "4743649d-3337-4669-a6b4-53213195a6e2", - "name" : "zoneinfo", - "protocol" : "openid-connect", - "protocolMapper" 
: "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "zoneinfo", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "zoneinfo", - "jsonType.label" : "String" - } - }, { - "id" : "b7609383-ed87-4ff6-a122-d2b390912699", - "name" : "username", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "username", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "preferred_username", - "jsonType.label" : "String" - } - }, { - "id" : "b3fb62b1-2880-416a-b810-1bbc6bc71cb3", - "name" : "profile", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "profile", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "profile", - "jsonType.label" : "String" - } - }, { - "id" : "f204f321-8507-4310-91a4-c48cd4d8ae8e", - "name" : "family name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "lastName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "family_name", - "jsonType.label" : "String" - } - }, { - "id" : "a9259364-f3b2-4ce2-9e99-72491c213ea9", - "name" : "updated at", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "updatedAt", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "updated_at", - "jsonType.label" : "String" - } - }, { - "id" : "084aedd5-2214-4385-9c56-ca9eb13f474b", - "name" : "locale", - "protocol" 
: "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "locale", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "locale", - "jsonType.label" : "String" - } - }, { - "id" : "70374f36-6d5d-4a0d-8d09-b873ce03269b", - "name" : "middle name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "middleName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "middle_name", - "jsonType.label" : "String" - } - }, { - "id" : "25f58448-5e6f-4aa7-bc07-4c80cf8a1419", - "name" : "nickname", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "nickname", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "nickname", - "jsonType.label" : "String" - } - }, { - "id" : "6afd06e2-48b2-4876-9d4b-a07d9fc08a4d", - "name" : "gender", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "gender", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "gender", - "jsonType.label" : "String" - } - }, { - "id" : "f2bc5c3f-d5b0-42ae-82f6-14b231243121", - "name" : "picture", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "picture", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "picture", - "jsonType.label" : "String" - } - }, { - "id" : "f6c11e6f-d74e-439f-a657-b0077b0e01a3", - "name" : 
"given name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "firstName", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "given_name", - "jsonType.label" : "String" - } - }, { - "id" : "9e79ea6c-fe2f-42c4-9aac-625e497e4601", - "name" : "full name", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-full-name-mapper", - "consentRequired" : false, - "config" : { - "id.token.claim" : "true", - "access.token.claim" : "true", - "userinfo.token.claim" : "true" - } - }, { - "id" : "f14c621f-deb5-4ddb-be0d-c3975258ed42", - "name" : "birthdate", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "birthdate", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "birthdate", - "jsonType.label" : "String" - } - }, { - "id" : "088a543c-3e84-41b9-84f5-4cc526145ac4", - "name" : "website", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "website", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "website", - "jsonType.label" : "String" - } - } ] - } ], - "defaultDefaultClientScopes" : [ "profile", "email", "web-origins", "role_list", "acr", "roles" ], - "defaultOptionalClientScopes" : [ "offline_access", "microprofile-jwt", "phone", "address" ], - "browserSecurityHeaders" : { - "contentSecurityPolicyReportOnly" : "", - "xContentTypeOptions" : "nosniff", - "referrerPolicy" : "no-referrer", - "xRobotsTag" : "none", - "xFrameOptions" : "SAMEORIGIN", - "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection" : "1; mode=block", 
- "strictTransportSecurity" : "max-age=31536000; includeSubDomains" - }, - "smtpServer" : { - "password" : "password", - "starttls" : "false", - "auth" : "true", - "port" : "587", - "host" : "localhost", - "from" : "test@local.de", - "ssl" : "false", - "user" : "username" - }, - "eventsEnabled" : false, - "eventsListeners" : [ "jboss-logging" ], - "enabledEventTypes" : [ ], - "adminEventsEnabled" : false, - "adminEventsDetailsEnabled" : false, - "identityProviders" : [ ], - "identityProviderMappers" : [ ], - "components" : { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { - "id" : "efe2a0c8-5a0f-473a-a778-bd0a9c376165", - "name" : "Allowed Client Scopes", - "providerId" : "allowed-client-templates", - "subType" : "authenticated", - "subComponents" : { }, - "config" : { - "allow-default-scopes" : [ "true" ] - } - }, { - "id" : "f93bad93-3cf7-4d9e-b2f8-6a8ddc88159e", - "name" : "Allowed Protocol Mapper Types", - "providerId" : "allowed-protocol-mappers", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "allowed-protocol-mapper-types" : [ "oidc-usermodel-property-mapper", "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-attribute-mapper", "oidc-full-name-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-address-mapper" ] - } - }, { - "id" : "2c3b38fe-fb23-4a41-b49f-a4638b0f62c9", - "name" : "Max Clients Limit", - "providerId" : "max-clients", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "max-clients" : [ "200" ] - } - }, { - "id" : "ad5c9eaa-95c9-4596-af58-cc2edb68c48f", - "name" : "Full Scope Disabled", - "providerId" : "scope", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { } - }, { - "id" : "7eda31ba-422f-4920-a8a2-f72f012ceb73", - "name" : "Allowed Protocol Mapper Types", - "providerId" : "allowed-protocol-mappers", - "subType" : "authenticated", - "subComponents" : { }, - "config" : { - 
"allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-property-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "saml-role-list-mapper" ] - } - }, { - "id" : "b8993997-ec44-432c-8e52-bc9df863b9a8", - "name" : "Allowed Client Scopes", - "providerId" : "allowed-client-templates", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "allow-default-scopes" : [ "true" ] - } - }, { - "id" : "c7f9cc26-79d1-452e-a77a-dc3828e341af", - "name" : "Trusted Hosts", - "providerId" : "trusted-hosts", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { - "host-sending-registration-request-must-match" : [ "true" ], - "client-uris-must-match" : [ "true" ] - } - }, { - "id" : "d2e987b2-8f9a-4339-8664-7f0c3cc50f48", - "name" : "Consent Required", - "providerId" : "consent-required", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { } - } ], - "org.keycloak.userprofile.UserProfileProvider" : [ { - "id" : "ca74e147-e17a-4942-83df-d3a0f75c1036", - "providerId" : "declarative-user-profile", - "subComponents" : { }, - "config" : { } - } ], - "org.keycloak.keys.KeyProvider" : [ { - "id" : "6e15cea5-b658-41d7-b296-eb6d53b8eb4f", - "name" : "aes-generated", - "providerId" : "aes-generated", - "subComponents" : { }, - "config" : { - "kid" : [ "fb133405-b6cb-4256-8185-dcdaf3af1d53" ], - "secret" : [ "5IhMcVYhRKxRvrADXsEjNw" ], - "priority" : [ "100" ] - } - }, { - "id" : "c800a710-09d2-45eb-b031-9974f4a28f65", - "name" : "rsa-enc-generated", - "providerId" : "rsa-enc-generated", - "subComponents" : { }, - "config" : { - "privateKey" : [ "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" ], - "certificate" : [ "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" ], - "priority" : [ "100" ], - "algorithm" : [ "RSA-OAEP" ] - } - }, { - "id" : "ff7d8edf-f47b-4683-9619-705786944f15", - "name" : "hmac-generated", 
- "providerId" : "hmac-generated", - "subComponents" : { }, - "config" : { - "kid" : [ "05e76b22-7985-4085-94d2-2421477c0944" ], - "secret" : [ "j-6QsueBrgXi4j1m2k1tEm3fAZocVIAgVaVl7TYXs8AyPxfh9chiKpBN6e5TCzpjNDit2shtuaKBWvgfjAw6gg" ], - "priority" : [ "100" ], - "algorithm" : [ "HS256" ] - } - }, { - "id" : "0aa46395-bdac-4eeb-b562-13089a3ba49f", - "name" : "rsa-generated", - "providerId" : "rsa-generated", - "subComponents" : { }, - "config" : { - "privateKey" : [ "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" ], - "certificate" : [ "MIICuTCCAaECBgGJbVj0ZTANBgkqhkiG9w0BAQsFADAgMR4wHAYDVQQDDBVvcGVuZGF0ZW5zY2h1dHpjZW50ZXIwHhcNMjMwNzE5MDg0OTUzWhcNMzMwNzE5MDg1MTMzWjAgMR4wHAYDVQQDDBVvcGVuZGF0ZW5zY2h1dHpjZW50ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNv4Aw2OuLO/yayuDm4i8LszwJTiAqSpd+89cT8jhgAm65y9KRzl/M/D9F0B2+prE0juMl5H56KuDxShUuEgc9iw6O0hnG9WowoX/mYLPQvxAoxmtugnsfkNoL2ZS2IGR15G9QjWO0sa/hodUlFSBvJxo3a40nXymWFP/ht11jRiFbVwVIbEKYKz5CoLAVoGuvN89e0GAAfxUxn5Wh0zQirobT9GTX1UGdcH3BpaNLiCSQ4sbwx07/2ukfNj+VIVu3V/xJjqCGsh5CVaoz9L6XmQmsHz4pOdbDQ9q1yTOuRIYVM6TOyU3rPgm3HXi8q1ZN3joffIpmPUGVk7CE7SWrAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAI+JeDCkDDAwTfKkiqMUcWvf4C1xiDMLhSeqZyDMO3fP72kqNUJsjdIRxfz8oRHwmCDIFt2A8ijciYC43PtziztP9GBws5W3F4FYA3VeK7FkTwtWgVQzijJzOupKoxnIaEilKTVJzxUyFRVNWjMzCNy7bfyNQOowE2HqB+8qY7Z31EbSjW9qLOKohxaAX0Act6hLCD4iMsrTPTJp+Q2Bp9o/tB1ZT2i1ggbL4eTxGnC/r9w97EsnY9bUkKk+1phCnh89/LNJSP3dEt1JZ6kb8hx+WdwFXOitk0E6fhuKJ3gr8cINxSYEtxnn2CjPa5Syex3g4PcStI3pNOMDchqXzXk=" ], - "priority" : [ "100" ] - } - } ] - }, - "internationalizationEnabled" : false, - "supportedLocales" : [ ], - "authenticationFlows" : [ { - "id" : "d9d8201c-1284-43fe-8ee7-f0e5adbb331f", - "alias" : "Account verification options", - "description" : "Method with which to verity the existing account", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-email-verification", - "authenticatorFlow" : false, - "requirement" : 
"ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Verify Existing Account by Re-authentication", - "userSetupAllowed" : false - } ] - }, { - "id" : "d8e6dd83-3e08-44ed-89e7-b717ffab3d9f", - "alias" : "Browser - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "auth-otp-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "8cc003d8-4ded-4d60-959c-5bb7d74c51f7", - "alias" : "Direct Grant - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "direct-grant-validate-otp", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "511a4157-43dc-4f5a-a4ee-66b8ba25e251", - "alias" : "First broker login - Conditional OTP", - "description" : "Flow to determine if the OTP is required for the authentication", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : 
"conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "auth-otp-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "012aa6f2-077e-494c-b864-d1d2550116da", - "alias" : "Handle Existing Account", - "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-confirm-link", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Account verification options", - "userSetupAllowed" : false - } ] - }, { - "id" : "f0c9c65c-f0ef-4878-aee1-63cd78451e85", - "alias" : "Reset - Conditional OTP", - "description" : "Flow to determine if the OTP should be reset or not. 
Set to REQUIRED to force.", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "conditional-user-configured", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "reset-otp", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "86aa1500-3463-4129-a0d8-f27c35b76e58", - "alias" : "User creation or linking", - "description" : "Flow for the existing/non-existing user alternatives", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticatorConfig" : "create unique user config", - "authenticator" : "idp-create-user-if-unique", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Handle Existing Account", - "userSetupAllowed" : false - } ] - }, { - "id" : "9ebd92e3-9e6f-4d3b-b17a-6e4f18e8ed57", - "alias" : "Verify Existing Account by Re-authentication", - "description" : "Reauthentication of existing account", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "idp-username-password-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "First broker login - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "6ce4da9d-e6b4-45b3-b171-93fefe8c973f", - "alias" : "browser", - 
"description" : "browser based authentication", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "auth-cookie", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "auth-spnego", - "authenticatorFlow" : false, - "requirement" : "DISABLED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "identity-provider-redirector", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 25, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "ALTERNATIVE", - "priority" : 30, - "autheticatorFlow" : true, - "flowAlias" : "forms", - "userSetupAllowed" : false - } ] - }, { - "id" : "152ab148-f034-4163-a8d5-4674282dbee3", - "alias" : "clients", - "description" : "Base authentication for clients", - "providerId" : "client-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "client-secret", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "client-jwt", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "client-secret-jwt", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 30, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "client-x509", - "authenticatorFlow" : false, - "requirement" : "ALTERNATIVE", - "priority" : 40, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "97f5d15c-e9b8-4bfc-90fc-3498b433677c", - "alias" : "direct grant", - "description" : "OpenID Connect 
Resource Owner Grant", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "direct-grant-validate-username", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "direct-grant-validate-password", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 30, - "autheticatorFlow" : true, - "flowAlias" : "Direct Grant - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "2a43f720-d624-47a4-94be-d92ebe1c9fcf", - "alias" : "docker auth", - "description" : "Used by Docker clients to authenticate against the IDP", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "docker-http-basic-authenticator", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "03970b51-ff94-4c61-8141-58df327c78c7", - "alias" : "first broker login", - "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticatorConfig" : "review profile config", - "authenticator" : "idp-review-profile", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "User creation or linking", - "userSetupAllowed" : false - } ] - }, { - "id" : 
"55592003-83a5-41cc-bac4-81e6c08ad8ad", - "alias" : "forms", - "description" : "Username, password, otp and other auth forms.", - "providerId" : "basic-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "auth-username-password-form", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 20, - "autheticatorFlow" : true, - "flowAlias" : "Browser - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "aa8b7525-4e90-4684-926b-90a71ccf4828", - "alias" : "registration", - "description" : "registration flow", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "registration-page-form", - "authenticatorFlow" : true, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : true, - "flowAlias" : "registration form", - "userSetupAllowed" : false - } ] - }, { - "id" : "63ada0c0-27d5-4550-b804-aeccfbec4d18", - "alias" : "registration form", - "description" : "registration form", - "providerId" : "form-flow", - "topLevel" : false, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "registration-user-creation", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "registration-profile-action", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 40, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "registration-password-action", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 50, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "registration-recaptcha-action", - "authenticatorFlow" : false, - 
"requirement" : "DISABLED", - "priority" : 60, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - }, { - "id" : "e33ebd5c-8923-4924-93c8-5ecffb68ac0e", - "alias" : "reset credentials", - "description" : "Reset credentials for a user if they forgot their password or something", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "reset-credentials-choose-user", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "reset-credential-email", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 20, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticator" : "reset-password", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 30, - "autheticatorFlow" : false, - "userSetupAllowed" : false - }, { - "authenticatorFlow" : true, - "requirement" : "CONDITIONAL", - "priority" : 40, - "autheticatorFlow" : true, - "flowAlias" : "Reset - Conditional OTP", - "userSetupAllowed" : false - } ] - }, { - "id" : "a2ef0068-8769-46e6-b3ff-c006dfa3f6a2", - "alias" : "saml ecp", - "description" : "SAML ECP Profile Authentication Flow", - "providerId" : "basic-flow", - "topLevel" : true, - "builtIn" : true, - "authenticationExecutions" : [ { - "authenticator" : "http-basic-authenticator", - "authenticatorFlow" : false, - "requirement" : "REQUIRED", - "priority" : 10, - "autheticatorFlow" : false, - "userSetupAllowed" : false - } ] - } ], - "authenticatorConfig" : [ { - "id" : "6b4de39e-3e9f-4f7f-9551-ff1b3479c179", - "alias" : "create unique user config", - "config" : { - "require.password.update.after.registration" : "false" - } - }, { - "id" : "d581541f-5322-408c-bea7-0dff2df1752d", - "alias" : "review profile config", - "config" : { - "update.profile.on.first.login" : "missing" - } - } ], - "requiredActions" : [ { - 
"alias" : "CONFIGURE_TOTP", - "name" : "Configure OTP", - "providerId" : "CONFIGURE_TOTP", - "enabled" : true, - "defaultAction" : false, - "priority" : 10, - "config" : { } - }, { - "alias" : "TERMS_AND_CONDITIONS", - "name" : "Terms and Conditions", - "providerId" : "TERMS_AND_CONDITIONS", - "enabled" : false, - "defaultAction" : false, - "priority" : 20, - "config" : { } - }, { - "alias" : "UPDATE_PASSWORD", - "name" : "Update Password", - "providerId" : "UPDATE_PASSWORD", - "enabled" : true, - "defaultAction" : false, - "priority" : 30, - "config" : { } - }, { - "alias" : "UPDATE_PROFILE", - "name" : "Update Profile", - "providerId" : "UPDATE_PROFILE", - "enabled" : true, - "defaultAction" : false, - "priority" : 40, - "config" : { } - }, { - "alias" : "VERIFY_EMAIL", - "name" : "Verify Email", - "providerId" : "VERIFY_EMAIL", - "enabled" : true, - "defaultAction" : false, - "priority" : 50, - "config" : { } - }, { - "alias" : "delete_account", - "name" : "Delete Account", - "providerId" : "delete_account", - "enabled" : false, - "defaultAction" : false, - "priority" : 60, - "config" : { } - }, { - "alias" : "update_user_locale", - "name" : "Update User Locale", - "providerId" : "update_user_locale", - "enabled" : true, - "defaultAction" : false, - "priority" : 1000, - "config" : { } - } ], - "browserFlow" : "browser", - "registrationFlow" : "registration", - "directGrantFlow" : "direct grant", - "resetCredentialsFlow" : "reset credentials", - "clientAuthenticationFlow" : "clients", - "dockerAuthenticationFlow" : "docker auth", - "attributes" : { - "cibaBackchannelTokenDeliveryMode" : "poll", - "cibaExpiresIn" : "120", - "cibaAuthRequestedUserHint" : "login_hint", - "oauth2DeviceCodeLifespan" : "600", - "clientOfflineSessionMaxLifespan" : "0", - "oauth2DevicePollingInterval" : "5", - "clientSessionIdleTimeout" : "0", - "parRequestUriLifespan" : "60", - "clientSessionMaxLifespan" : "0", - "clientOfflineSessionIdleTimeout" : "0", - "cibaInterval" : "5", - 
"realmReusableOtpCode" : "false" - }, - "keycloakVersion" : "22.0.1", - "userManagedAccessAllowed" : false, - "clientProfiles" : { - "profiles" : [ ] - }, - "clientPolicies" : { - "policies" : [ ] - } -} \ No newline at end of file diff --git a/keycloak/realm-export.json b/keycloak/realm-export.json deleted file mode 100644 index 77170fe6..00000000 --- a/keycloak/realm-export.json +++ /dev/null 
@@ -1,2135 +0,0 @@ -{ - "id": "opendatenschutzcenter", - "realm": "opendatenschutzcenter", - "notBefore": 0, - "defaultSignatureAlgorithm": "RS256", - "revokeRefreshToken": false, - "refreshTokenMaxReuse": 0, - "accessTokenLifespan": 300, - "accessTokenLifespanForImplicitFlow": 900, - "ssoSessionIdleTimeout": 1800, - "ssoSessionMaxLifespan": 36000, - "ssoSessionIdleTimeoutRememberMe": 0, - "ssoSessionMaxLifespanRememberMe": 0, - "offlineSessionIdleTimeout": 2592000, - "offlineSessionMaxLifespanEnabled": false, - "offlineSessionMaxLifespan": 5184000, - "clientSessionIdleTimeout": 0, - "clientSessionMaxLifespan": 0, - "clientOfflineSessionIdleTimeout": 0, - "clientOfflineSessionMaxLifespan": 0, - "accessCodeLifespan": 60, - "accessCodeLifespanUserAction": 300, - "accessCodeLifespanLogin": 1800, - "actionTokenGeneratedByAdminLifespan": 43200, - "actionTokenGeneratedByUserLifespan": 300, - "oauth2DeviceCodeLifespan": 600, - "oauth2DevicePollingInterval": 5, - "enabled": true, - "sslRequired": "external", - "registrationAllowed": true, - "registrationEmailAsUsername": true, - "rememberMe": true, - "verifyEmail": false, - "loginWithEmailAllowed": true, - "duplicateEmailsAllowed": false, - "resetPasswordAllowed": true, - "editUsernameAllowed": false, - "bruteForceProtected": false, - "permanentLockout": false, - "maxFailureWaitSeconds": 900, - "minimumQuickLoginWaitSeconds": 60, - "waitIncrementSeconds": 60, - "quickLoginCheckMilliSeconds": 1000, - "maxDeltaTimeSeconds": 43200, - "failureFactor": 30, - "roles": { - "realm": [ - { - "id": "1e39316e-9362-40fd-b36e-98cdbaa88206", - "name": "default-roles-opendatenschutzcenter", - "description": "${role_default-roles}", - "composite": true, - "composites": { - "realm": [ - "offline_access", - "uma_authorization" - ], - "client": { - "account": [ - "view-profile", - "manage-account" - ] - } - }, - "clientRole": false, - "containerId": "opendatenschutzcenter", - "attributes": {} - }, - { - "id": 
"b5758b7c-d11f-488b-89ed-11acd496b5a3", - "name": "uma_authorization", - "description": "${role_uma_authorization}", - "composite": false, - "clientRole": false, - "containerId": "opendatenschutzcenter", - "attributes": {} - }, - { - "id": "abed3730-b96d-43fa-a01a-a9b6de82386c", - "name": "offline_access", - "description": "${role_offline-access}", - "composite": false, - "clientRole": false, - "containerId": "opendatenschutzcenter", - "attributes": {} - } - ], - "client": { - "realm-management": [ - { - "id": "38d7208c-fb9b-4df7-a424-41724e3429a9", - "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "cc776261-d979-4bc0-ac55-758f7d7c6d25", - "attributes": {} - }, - { - "id": "5478251e-264f-4eb8-8cd0-2e53c044654e", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "cc776261-d979-4bc0-ac55-758f7d7c6d25", - "attributes": {} - }, - { - "id": "bf17a3ce-ed84-4395-8955-b73e37f29d05", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "cc776261-d979-4bc0-ac55-758f7d7c6d25", - "attributes": {} - }, - { - "id": "e50dffff-9e6c-432a-bbea-cf041fab6f2f", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - "containerId": "cc776261-d979-4bc0-ac55-758f7d7c6d25", - "attributes": {} - }, - { - "id": "044225f4-3e61-449a-a3a8-97ac3f85f266", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-clients" - ] - } - }, - "clientRole": true, - "containerId": "cc776261-d979-4bc0-ac55-758f7d7c6d25", - "attributes": {} - }, - { - "id": "8a0c305f-29f9-4466-96c5-4d2490b496fa", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": 
"cc776261-d979-4bc0-ac55-758f7d7c6d25", - "attributes": {} - }, - { - "id": "763c2817-554d-4cc6-b6f0-7c70db458c6f", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "cc776261-d979-4bc0-ac55-758f7d7c6d25", - "attributes": {} - }, - { - "id": "e85936e0-da6a-48fe-bce8-a4b2ec065c6a", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "cc776261-d979-4bc0-ac55-758f7d7c6d25", - "attributes": {} - }, - { - "id": "1672e14d-d431-4166-9463-17d71bb79997", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "cc776261-d979-4bc0-ac55-758f7d7c6d25", - "attributes": {} - }, - { - "id": "aac81c3d-dfbd-4220-8abc-16744384d1ce", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "cc776261-d979-4bc0-ac55-758f7d7c6d25", - "attributes": {} - }, - { - "id": "79669483-b6a7-4b05-a9d8-20c3dba7bc3a", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "cc776261-d979-4bc0-ac55-758f7d7c6d25", - "attributes": {} - }, - { - "id": "34236bf4-7681-4fc8-984e-f1a248025a41", - "name": "view-events", - "description": "${role_view-events}", - "composite": false, - "clientRole": true, - "containerId": "cc776261-d979-4bc0-ac55-758f7d7c6d25", - "attributes": {} - }, - { - "id": "df5c1e5d-dc53-4a15-bd4b-742b02305acd", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": true, - "containerId": "cc776261-d979-4bc0-ac55-758f7d7c6d25", - "attributes": {} - }, - { - "id": "4aa69096-01bb-4ae2-8d80-7481e2c2f6ca", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - 
"containerId": "cc776261-d979-4bc0-ac55-758f7d7c6d25", - "attributes": {} - }, - { - "id": "53a73235-04b2-4db8-a686-49c8baf716a4", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "cc776261-d979-4bc0-ac55-758f7d7c6d25", - "attributes": {} - }, - { - "id": "5f306975-1694-465b-823f-51557a183fd8", - "name": "realm-admin", - "description": "${role_realm-admin}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "view-realm", - "create-client", - "query-groups", - "view-clients", - "query-realms", - "manage-realm", - "manage-identity-providers", - "view-authorization", - "view-identity-providers", - "view-events", - "query-clients", - "manage-clients", - "manage-users", - "query-users", - "impersonation", - "manage-authorization", - "manage-events", - "view-users" - ] - } - }, - "clientRole": true, - "containerId": "cc776261-d979-4bc0-ac55-758f7d7c6d25", - "attributes": {} - }, - { - "id": "79bd5266-7e33-4883-876f-35767980453b", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "cc776261-d979-4bc0-ac55-758f7d7c6d25", - "attributes": {} - }, - { - "id": "29daccc2-5362-449b-8da1-5c7609e77d25", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "cc776261-d979-4bc0-ac55-758f7d7c6d25", - "attributes": {} - }, - { - "id": "b915a638-f8c4-4950-be07-852d34ab4169", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-groups", - "query-users" - ] - } - }, - "clientRole": true, - "containerId": "cc776261-d979-4bc0-ac55-758f7d7c6d25", - "attributes": {} - } - ], - "opendatenschutzcenter": [], - "security-admin-console": [], - "admin-cli": [], - "account-console": [], - "broker": [ - { - "id": 
"359ce66a-2b57-4c14-9e13-099e101b2b6a", - "name": "read-token", - "description": "${role_read-token}", - "composite": false, - "clientRole": true, - "containerId": "4a5b0cfb-560f-410f-98ce-85371bc14188", - "attributes": {} - } - ], - "account": [ - { - "id": "74fd6684-2ee1-4ea9-adc9-58736b395f10", - "name": "view-profile", - "description": "${role_view-profile}", - "composite": false, - "clientRole": true, - "containerId": "170f55bf-4418-47f9-a248-4010687f6214", - "attributes": {} - }, - { - "id": "5399f61d-a67d-40b9-9958-8dc4df28caee", - "name": "view-applications", - "description": "${role_view-applications}", - "composite": false, - "clientRole": true, - "containerId": "170f55bf-4418-47f9-a248-4010687f6214", - "attributes": {} - }, - { - "id": "a3c0bcac-750d-477e-9806-72af93de5c2a", - "name": "manage-consent", - "description": "${role_manage-consent}", - "composite": true, - "composites": { - "client": { - "account": [ - "view-consent" - ] - } - }, - "clientRole": true, - "containerId": "170f55bf-4418-47f9-a248-4010687f6214", - "attributes": {} - }, - { - "id": "10e9cb15-37b9-4825-830f-3329d81b0421", - "name": "delete-account", - "description": "${role_delete-account}", - "composite": false, - "clientRole": true, - "containerId": "170f55bf-4418-47f9-a248-4010687f6214", - "attributes": {} - }, - { - "id": "dc93a52d-30bd-48df-b303-56a83fe72bca", - "name": "manage-account-links", - "description": "${role_manage-account-links}", - "composite": false, - "clientRole": true, - "containerId": "170f55bf-4418-47f9-a248-4010687f6214", - "attributes": {} - }, - { - "id": "e0f3ee32-5e3a-46c7-bbf1-5df3dee4cf0f", - "name": "manage-account", - "description": "${role_manage-account}", - "composite": true, - "composites": { - "client": { - "account": [ - "manage-account-links" - ] - } - }, - "clientRole": true, - "containerId": "170f55bf-4418-47f9-a248-4010687f6214", - "attributes": {} - }, - { - "id": "fa19b2a4-60e0-4f6f-8738-9b1c8da777c7", - "name": "view-consent", - 
"description": "${role_view-consent}", - "composite": false, - "clientRole": true, - "containerId": "170f55bf-4418-47f9-a248-4010687f6214", - "attributes": {} - } - ] - } - }, - "groups": [ - { - "id": "ff65e179-38ca-4ca7-a244-ef80b160e3df", - "name": "all", - "path": "/all", - "attributes": {}, - "realmRoles": [], - "clientRoles": {}, - "subGroups": [] - } - ], - "defaultRole": { - "id": "1e39316e-9362-40fd-b36e-98cdbaa88206", - "name": "default-roles-opendatenschutzcenter", - "description": "${role_default-roles}", - "composite": true, - "clientRole": false, - "containerId": "opendatenschutzcenter" - }, - "defaultGroups": [ - "/all" - ], - "requiredCredentials": [ - "password" - ], - "otpPolicyType": "totp", - "otpPolicyAlgorithm": "HmacSHA1", - "otpPolicyInitialCounter": 0, - "otpPolicyDigits": 6, - "otpPolicyLookAheadWindow": 1, - "otpPolicyPeriod": 30, - "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" - ], - "webAuthnPolicyRpEntityName": "keycloak", - "webAuthnPolicySignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyRpId": "", - "webAuthnPolicyAttestationConveyancePreference": "not specified", - "webAuthnPolicyAuthenticatorAttachment": "not specified", - "webAuthnPolicyRequireResidentKey": "not specified", - "webAuthnPolicyUserVerificationRequirement": "not specified", - "webAuthnPolicyCreateTimeout": 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyAcceptableAaguids": [], - "webAuthnPolicyPasswordlessRpEntityName": "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyPasswordlessRpId": "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", - "webAuthnPolicyPasswordlessCreateTimeout": 0, - 
"webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyPasswordlessAcceptableAaguids": [], - "scopeMappings": [ - { - "clientScope": "offline_access", - "roles": [ - "offline_access" - ] - } - ], - "clientScopeMappings": { - "account": [ - { - "client": "account-console", - "roles": [ - "manage-account" - ] - } - ] - }, - "clients": [ - { - "id": "170f55bf-4418-47f9-a248-4010687f6214", - "clientId": "account", - "name": "${client_account}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/opendatenschutzcenter/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/opendatenschutzcenter/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [], - "optionalClientScopes": [] - }, - { - "id": "43a8c6a3-475d-4dd6-8f11-03a955ebe93e", - "clientId": "account-console", - "name": "${client_account-console}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/opendatenschutzcenter/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/opendatenschutzcenter/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - 
"attributes": { - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "0eae0606-9ec8-425a-82f6-297b63b7cf45", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - } - ], - "defaultClientScopes": [], - "optionalClientScopes": [] - }, - { - "id": "0cb22b97-aa3f-4d34-88f9-3a7677ffe2d7", - "clientId": "admin-cli", - "name": "${client_admin-cli}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [], - "optionalClientScopes": [] - }, - { - "id": "4a5b0cfb-560f-410f-98ce-85371bc14188", - "clientId": "broker", - "name": "${client_broker}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [], - "optionalClientScopes": [] 
- }, - { - "id": "e0d7a685-a075-4834-a6ca-cb40d734f4af", - "clientId": "opendatenschutzcenter", - "rootUrl": "", - "adminUrl": "", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "", - "redirectUris": [ - "/*" - ], - "webOrigins": [ - "" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "id.token.as.detached.signature": "false", - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "oauth2.device.authorization.grant.enabled": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "use.refresh.tokens": "true", - "exclude.session.state.from.auth.response": "false", - "oidc.ciba.grant.enabled": "false", - "saml.artifact.binding": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "require.pushed.authorization.requests": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "roles", - "profile", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "cc776261-d979-4bc0-ac55-758f7d7c6d25", - "clientId": "realm-management", - "name": 
"${client_realm-management}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [], - "optionalClientScopes": [] - }, - { - "id": "779d8bf9-8e3b-4e00-8b44-079a4b5c27b9", - "clientId": "security-admin-console", - "name": "${client_security-admin-console}", - "rootUrl": "${authAdminUrl}", - "baseUrl": "/admin/opendatenschutzcenter/console/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/admin/opendatenschutzcenter/console/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "abb12e85-ae2f-4ca7-9e47-c0db54a1c164", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": 
"String" - } - } - ], - "defaultClientScopes": [], - "optionalClientScopes": [] - } - ], - "clientScopes": [ - { - "id": "d1e51b56-4cf7-4648-96a6-03c02b828ee1", - "name": "web-origins", - "description": "OpenID Connect scope for add allowed web origins to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false", - "consent.screen.text": "" - }, - "protocolMappers": [ - { - "id": "2ee97b5d-5971-4557-bea6-aae326580504", - "name": "allowed web origins", - "protocol": "openid-connect", - "protocolMapper": "oidc-allowed-origins-mapper", - "consentRequired": false, - "config": {} - } - ] - }, - { - "id": "1377be77-6e7a-404d-92ee-2424a34016c5", - "name": "offline_access", - "description": "OpenID Connect built-in scope: offline_access", - "protocol": "openid-connect", - "attributes": { - "consent.screen.text": "${offlineAccessScopeConsentText}", - "display.on.consent.screen": "true" - } - }, - { - "id": "30ce5b0d-fa54-4497-8e5c-55e17edafc25", - "name": "microprofile-jwt", - "description": "Microprofile - JWT built-in scope", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "a3fd6226-f310-4795-a2e2-e082f0867c51", - "name": "upn", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "upn", - "jsonType.label": "String" - } - }, - { - "id": "7c1f72fe-ab1a-4544-9e7d-33a76d6b839f", - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "userinfo.token.claim": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": 
"true", - "claim.name": "groups", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "cc24231d-19a4-4375-8df4-3afa4e09cc8f", - "name": "email", - "description": "OpenID Connect built-in scope: email", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${emailScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "fa56b862-c2f5-4c1e-a6f7-8294be24a9bc", - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" - } - }, - { - "id": "a8638bdd-1652-4319-bfa0-251e133a6278", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "7d8f1686-2e2d-4bd9-ad19-d5a1fd31ee9f", - "name": "roles", - "description": "OpenID Connect scope for add user roles to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "true", - "consent.screen.text": "${rolesScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "6385b6b7-1363-4532-8cd6-b60c21d260d7", - "name": "client roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": 
"736fe3f8-b7ce-4af6-ac4f-2ef41022cd0e", - "name": "realm roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "realm_access.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": "ea35eb38-2f08-4c4c-a6f8-ee1a148a6bdd", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - } - ] - }, - { - "id": "e79f5230-f1fd-42c6-9b66-6e24a255d3df", - "name": "role_list", - "description": "SAML role list", - "protocol": "saml", - "attributes": { - "consent.screen.text": "${samlRoleListScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "a9d5375c-46be-463a-9893-aa20c91adf40", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - } - ] - }, - { - "id": "90b95398-a629-4ad5-b985-d85a61580cc3", - "name": "phone", - "description": "OpenID Connect built-in scope: phone", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${phoneScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "9fd40c6d-260b-4a19-bcd1-e73b145dfb2d", - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" - } - }, - { - "id": "1a550077-2a56-4985-aa90-df56b4ac3588", - "name": "phone number verified", - "protocol": "openid-connect", - 
"protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" - } - } - ] - }, - { - "id": "eb03e9fa-ff70-42ec-a3ea-eb379638d14a", - "name": "address", - "description": "OpenID Connect built-in scope: address", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${addressScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "1fcb2b05-6983-4398-9261-983e0cce9c16", - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - } - ] - }, - { - "id": "9d9c21a1-0e86-4e5f-9d4e-bdd6b6cec8ab", - "name": "profile", - "description": "OpenID Connect built-in scope: profile", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${profileScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "4743649d-3337-4669-a6b4-53213195a6e2", - "name": "zoneinfo", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" - } - }, - { - "id": "b7609383-ed87-4ff6-a122-d2b390912699", - "name": 
"username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "id": "b3fb62b1-2880-416a-b810-1bbc6bc71cb3", - "name": "profile", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" - } - }, - { - "id": "f204f321-8507-4310-91a4-c48cd4d8ae8e", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": "a9259364-f3b2-4ce2-9e99-72491c213ea9", - "name": "updated at", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "updatedAt", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "updated_at", - "jsonType.label": "String" - } - }, - { - "id": "084aedd5-2214-4385-9c56-ca9eb13f474b", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - }, - { - "id": "70374f36-6d5d-4a0d-8d09-b873ce03269b", - "name": "middle name", 
- "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "middleName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" - } - }, - { - "id": "25f58448-5e6f-4aa7-bc07-4c80cf8a1419", - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "nickname", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" - } - }, - { - "id": "6afd06e2-48b2-4876-9d4b-a07d9fc08a4d", - "name": "gender", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "gender", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" - } - }, - { - "id": "f2bc5c3f-d5b0-42ae-82f6-14b231243121", - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" - } - }, - { - "id": "f6c11e6f-d74e-439f-a657-b0077b0e01a3", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "id": "9e79ea6c-fe2f-42c4-9aac-625e497e4601", - "name": "full name", - "protocol": 
"openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "f14c621f-deb5-4ddb-be0d-c3975258ed42", - "name": "birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "birthdate", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" - } - }, - { - "id": "088a543c-3e84-41b9-84f5-4cc526145ac4", - "name": "website", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "website", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "website", - "jsonType.label": "String" - } - } - ] - } - ], - "defaultDefaultClientScopes": [ - "roles", - "profile", - "email", - "web-origins", - "role_list" - ], - "defaultOptionalClientScopes": [ - "offline_access", - "microprofile-jwt", - "phone", - "address" - ], - "browserSecurityHeaders": { - "contentSecurityPolicyReportOnly": "", - "xContentTypeOptions": "nosniff", - "xRobotsTag": "none", - "xFrameOptions": "SAMEORIGIN", - "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection": "1; mode=block", - "strictTransportSecurity": "max-age=31536000; includeSubDomains" - }, - "smtpServer": { - "password": "", - - "auth": "true", - "port": "", - "host": "", - "from": "", - "user": "" - }, - "eventsEnabled": false, - "eventsListeners": [ - "jboss-logging" - ], - "enabledEventTypes": [], - "adminEventsEnabled": false, - "adminEventsDetailsEnabled": false, - "identityProviders": [], - "identityProviderMappers": [], - "components": { - 
"org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "efe2a0c8-5a0f-473a-a778-bd0a9c376165", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "f93bad93-3cf7-4d9e-b2f8-6a8ddc88159e", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-sha256-pairwise-sub-mapper", - "saml-user-property-mapper", - "oidc-usermodel-property-mapper", - "saml-role-list-mapper", - "oidc-usermodel-attribute-mapper", - "saml-user-attribute-mapper", - "oidc-address-mapper", - "oidc-full-name-mapper" - ] - } - }, - { - "id": "2c3b38fe-fb23-4a41-b49f-a4638b0f62c9", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, - "config": { - "max-clients": [ - "200" - ] - } - }, - { - "id": "ad5c9eaa-95c9-4596-af58-cc2edb68c48f", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "7eda31ba-422f-4920-a8a2-f72f012ceb73", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "saml-user-attribute-mapper", - "oidc-address-mapper", - "saml-user-property-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-property-mapper", - "saml-role-list-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-full-name-mapper" - ] - } - }, - { - "id": "b8993997-ec44-432c-8e52-bc9df863b9a8", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": 
"c7f9cc26-79d1-452e-a77a-dc3828e341af", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", - "subType": "anonymous", - "subComponents": {}, - "config": { - "host-sending-registration-request-must-match": [ - "true" - ], - "client-uris-must-match": [ - "true" - ] - } - }, - { - "id": "d2e987b2-8f9a-4339-8664-7f0c3cc50f48", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - } - ], - "org.keycloak.userprofile.UserProfileProvider": [ - { - "id": "ca74e147-e17a-4942-83df-d3a0f75c1036", - "providerId": "declarative-user-profile", - "subComponents": {}, - "config": {} - } - ], - "org.keycloak.keys.KeyProvider": [ - { - "id": "6e15cea5-b658-41d7-b296-eb6d53b8eb4f", - "name": "aes-generated", - "providerId": "aes-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - }, - { - "id": "c800a710-09d2-45eb-b031-9974f4a28f65", - "name": "rsa-enc-generated", - "providerId": "rsa-enc-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "RSA-OAEP" - ] - } - }, - { - "id": "ff7d8edf-f47b-4683-9619-705786944f15", - "name": "hmac-generated", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "HS256" - ] - } - }, - { - "id": "0aa46395-bdac-4eeb-b562-13089a3ba49f", - "name": "rsa-generated", - "providerId": "rsa-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - } - ] - }, - "internationalizationEnabled": false, - "supportedLocales": [], - "authenticationFlows": [ - { - "id": "d9d8201c-1284-43fe-8ee7-f0e5adbb331f", - "alias": "Account verification options", - "description": "Method with which to verity the existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-email-verification", - "authenticatorFlow": false, - "requirement": 
"ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "f4202cd5-6d0c-405b-a366-0eebaa4a49ab", - "alias": "Authentication Options", - "description": "Authentication options.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "basic-auth", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "d8e6dd83-3e08-44ed-89e7-b717ffab3d9f", - "alias": "Browser - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "8cc003d8-4ded-4d60-959c-5bb7d74c51f7", - "alias": "Direct Grant - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - 
"authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "511a4157-43dc-4f5a-a4ee-66b8ba25e251", - "alias": "First broker login - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "012aa6f2-077e-494c-b864-d1d2550116da", - "alias": "Handle Existing Account", - "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-confirm-link", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Account verification options", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "f0c9c65c-f0ef-4878-aee1-63cd78451e85", - "alias": "Reset - Conditional OTP", - "description": "Flow to determine if the OTP should be reset or not. 
Set to REQUIRED to force.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "86aa1500-3463-4129-a0d8-f27c35b76e58", - "alias": "User creation or linking", - "description": "Flow for the existing/non-existing user alternatives", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "create unique user config", - "authenticator": "idp-create-user-if-unique", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "9ebd92e3-9e6f-4d3b-b17a-6e4f18e8ed57", - "alias": "Verify Existing Account by Re-authentication", - "description": "Reauthentication of existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "6ce4da9d-e6b4-45b3-b171-93fefe8c973f", - "alias": "browser", - "description": "browser based 
authentication", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-cookie", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "identity-provider-redirector", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 30, - "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "152ab148-f034-4163-a8d5-4674282dbee3", - "alias": "clients", - "description": "Base authentication for clients", - "providerId": "client-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "client-secret", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-secret-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-x509", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "97f5d15c-e9b8-4bfc-90fc-3498b433677c", - "alias": "direct grant", - "description": "OpenID Connect Resource Owner Grant", - "providerId": "basic-flow", - "topLevel": true, - 
"builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "direct-grant-validate-username", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 30, - "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "2a43f720-d624-47a4-94be-d92ebe1c9fcf", - "alias": "docker auth", - "description": "Used by Docker clients to authenticate against the IDP", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "docker-http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "03970b51-ff94-4c61-8141-58df327c78c7", - "alias": "first broker login", - "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "review profile config", - "authenticator": "idp-review-profile", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "User creation or linking", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "55592003-83a5-41cc-bac4-81e6c08ad8ad", - "alias": "forms", - "description": "Username, password, otp and other auth forms.", - 
"providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "fbba3bda-a429-4d55-b8e0-00136589cef8", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Authentication Options", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "aa8b7525-4e90-4684-926b-90a71ccf4828", - "alias": "registration", - "description": "registration flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-page-form", - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 10, - "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "63ada0c0-27d5-4550-b804-aeccfbec4d18", - "alias": "registration form", - "description": "registration form", - "providerId": "form-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-user-creation", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": 
false - }, - { - "authenticator": "registration-profile-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-password-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-recaptcha-action", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "e33ebd5c-8923-4924-93c8-5ecffb68ac0e", - "alias": "reset credentials", - "description": "Reset credentials for a user if they forgot their password or something", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "reset-credentials-choose-user", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-credential-email", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 40, - "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "a2ef0068-8769-46e6-b3ff-c006dfa3f6a2", - "alias": "saml ecp", - "description": "SAML ECP Profile Authentication Flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - 
"userSetupAllowed": false, - "autheticatorFlow": false - } - ] - } - ], - "authenticatorConfig": [ - { - "id": "6b4de39e-3e9f-4f7f-9551-ff1b3479c179", - "alias": "create unique user config", - "config": { - "require.password.update.after.registration": "false" - } - }, - { - "id": "d581541f-5322-408c-bea7-0dff2df1752d", - "alias": "review profile config", - "config": { - "update.profile.on.first.login": "missing" - } - } - ], - "requiredActions": [ - { - "alias": "CONFIGURE_TOTP", - "name": "Configure OTP", - "providerId": "CONFIGURE_TOTP", - "enabled": true, - "defaultAction": false, - "priority": 10, - "config": {} - }, - { - "alias": "terms_and_conditions", - "name": "Terms and Conditions", - "providerId": "terms_and_conditions", - "enabled": false, - "defaultAction": false, - "priority": 20, - "config": {} - }, - { - "alias": "UPDATE_PASSWORD", - "name": "Update Password", - "providerId": "UPDATE_PASSWORD", - "enabled": true, - "defaultAction": false, - "priority": 30, - "config": {} - }, - { - "alias": "UPDATE_PROFILE", - "name": "Update Profile", - "providerId": "UPDATE_PROFILE", - "enabled": true, - "defaultAction": false, - "priority": 40, - "config": {} - }, - { - "alias": "VERIFY_EMAIL", - "name": "Verify Email", - "providerId": "VERIFY_EMAIL", - "enabled": true, - "defaultAction": false, - "priority": 50, - "config": {} - }, - { - "alias": "delete_account", - "name": "Delete Account", - "providerId": "delete_account", - "enabled": false, - "defaultAction": false, - "priority": 60, - "config": {} - }, - { - "alias": "update_user_locale", - "name": "Update User Locale", - "providerId": "update_user_locale", - "enabled": true, - "defaultAction": false, - "priority": 1000, - "config": {} - } - ], - "browserFlow": "browser", - "registrationFlow": "registration", - "directGrantFlow": "direct grant", - "resetCredentialsFlow": "reset credentials", - "clientAuthenticationFlow": "clients", - "dockerAuthenticationFlow": "docker auth", - "attributes": { - 
"cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", - "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", - "clientOfflineSessionMaxLifespan": "0", - "oauth2DevicePollingInterval": "5", - "clientSessionIdleTimeout": "0", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", - "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5" - }, - "keycloakVersion": "16.1.1", - "userManagedAccessAllowed": false, - "clientProfiles": { - "profiles": [] - }, - "clientPolicies": { - "policies": [] - } -} \ No newline at end of file
diff --git a/security-checker.phar b/security-checker.phar
deleted file mode 100644
index a69762ef..00000000
Binary files a/security-checker.phar and /dev/null differ