Skip to content

Commit

Permalink
build: realm import file contains prism-agent client
Browse files Browse the repository at this point in the history
  • Loading branch information
Pat Losoponkul committed Oct 3, 2023
1 parent 6d31f02 commit a23b7a5
Show file tree
Hide file tree
Showing 2 changed files with 143 additions and 20 deletions.
2 changes: 1 addition & 1 deletion infrastructure/shared/docker-compose-tmp-keycloak.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -156,8 +156,8 @@ services:
KEYCLOAK_ADMIN_PASSWORD: admin
KEYCLOAK_DATABASE_VENDOR: dev-mem
KEYCLOAK_EXTRA_ARGS: --import-realm
KEYCLOAK_EXTRA_ARGS_PREPENDED: --verbose
volumes:
# - ./keycloak/init-script.sh:/docker-entrypoint-initdb.d/init-script.sh
- ./keycloak/manage-realm.json:/opt/bitnami/keycloak/data/import/manage-realm.json

volumes:
Expand Down
161 changes: 142 additions & 19 deletions infrastructure/shared/keycloak/manage-realm.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -110,22 +110,22 @@
"client": {
"realm-management": [
"query-clients",
"query-realms",
"view-events",
"query-realms",
"create-client",
"view-identity-providers",
"manage-users",
"manage-realm",
"impersonation",
"manage-identity-providers",
"impersonation",
"view-realm",
"manage-authorization",
"query-groups",
"manage-authorization",
"manage-events",
"view-clients",
"view-authorization",
"manage-clients",
"query-users",
"manage-clients",
"view-users"
]
}
Expand Down Expand Up @@ -301,6 +301,16 @@
"security-admin-console": [],
"admin-cli": [],
"manage-frontend": [],
"prism-agent": [
{
"id": "e8e1b3d7-9284-4936-b4ce-3833f00a1f46",
"name": "uma_protection",
"composite": false,
"clientRole": true,
"containerId": "5b7289d4-0e9f-4048-afa6-d952a8345843",
"attributes": {}
}
],
"account-console": [],
"broker": [
{
Expand Down Expand Up @@ -418,8 +428,8 @@
"otpPolicyPeriod": 30,
"otpPolicyCodeReusable": false,
"otpSupportedApplications": [
"totpAppMicrosoftAuthenticatorName",
"totpAppGoogleName",
"totpAppMicrosoftAuthenticatorName",
"totpAppFreeOTPName"
],
"webAuthnPolicyRpEntityName": "keycloak",
Expand All @@ -442,6 +452,25 @@
"webAuthnPolicyPasswordlessCreateTimeout": 0,
"webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false,
"webAuthnPolicyPasswordlessAcceptableAaguids": [],
"users": [
{
"id": "592c7f9a-427e-4e17-a552-460b25ee39c1",
"createdTimestamp": 1696250936139,
"username": "service-account-prism-agent",
"enabled": true,
"totp": false,
"emailVerified": false,
"serviceAccountClientId": "prism-agent",
"disableableCredentialTypes": [],
"requiredActions": [],
"realmRoles": ["default-roles-manage"],
"clientRoles": {
"prism-agent": ["uma_protection"]
},
"notBefore": 0,
"groups": []
}
],
"scopeMappings": [
{
"clientScope": "offline_access",
Expand Down Expand Up @@ -731,6 +760,100 @@
"microprofile-jwt"
]
},
{
"id": "5b7289d4-0e9f-4048-afa6-d952a8345843",
"clientId": "prism-agent",
"name": "",
"description": "",
"rootUrl": "",
"adminUrl": "",
"baseUrl": "",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"secret": "**********",
"redirectUris": ["/*"],
"webOrigins": ["/*"],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": true,
"authorizationServicesEnabled": true,
"publicClient": false,
"frontchannelLogout": true,
"protocol": "openid-connect",
"attributes": {
"oidc.ciba.grant.enabled": "false",
"oauth2.device.authorization.grant.enabled": "false",
"client.secret.creation.time": "1696250936",
"backchannel.logout.session.required": "true",
"backchannel.logout.revoke.offline.tokens": "false"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"protocolMappers": [
{
"id": "2be46b2c-0fff-4408-82c5-32124f75da51",
"name": "Client ID",
"protocol": "openid-connect",
"protocolMapper": "oidc-usersessionmodel-note-mapper",
"consentRequired": false,
"config": {
"user.session.note": "client_id",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "client_id",
"jsonType.label": "String"
}
},
{
"id": "98ac64f2-e0bf-48ea-8dba-4d98e6d428c5",
"name": "Client Host",
"protocol": "openid-connect",
"protocolMapper": "oidc-usersessionmodel-note-mapper",
"consentRequired": false,
"config": {
"user.session.note": "clientHost",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "clientHost",
"jsonType.label": "String"
}
},
{
"id": "11e191b0-9c9e-4a03-917f-b15c8a778f04",
"name": "Client IP Address",
"protocol": "openid-connect",
"protocolMapper": "oidc-usersessionmodel-note-mapper",
"consentRequired": false,
"config": {
"user.session.note": "clientAddress",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "clientAddress",
"jsonType.label": "String"
}
}
],
"defaultClientScopes": [
"web-origins",
"acr",
"profile",
"roles",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
]
},
{
"id": "60a61ba1-3a8b-4d8b-a7c0-59555b5cc67e",
"clientId": "realm-management",
Expand Down Expand Up @@ -1482,14 +1605,14 @@
"subComponents": {},
"config": {
"allowed-protocol-mapper-types": [
"oidc-address-mapper",
"saml-role-list-mapper",
"oidc-sha256-pairwise-sub-mapper",
"saml-user-attribute-mapper",
"saml-user-property-mapper",
"oidc-full-name-mapper",
"oidc-usermodel-attribute-mapper",
"oidc-address-mapper",
"oidc-sha256-pairwise-sub-mapper",
"oidc-usermodel-property-mapper",
"saml-role-list-mapper"
"oidc-usermodel-property-mapper"
]
}
},
Expand Down Expand Up @@ -1520,14 +1643,14 @@
"subComponents": {},
"config": {
"allowed-protocol-mapper-types": [
"oidc-usermodel-attribute-mapper",
"oidc-sha256-pairwise-sub-mapper",
"oidc-address-mapper",
"saml-user-property-mapper",
"saml-role-list-mapper",
"saml-user-attribute-mapper",
"oidc-usermodel-attribute-mapper",
"oidc-usermodel-property-mapper",
"oidc-full-name-mapper",
"oidc-address-mapper",
"saml-role-list-mapper",
"saml-user-property-mapper"
"oidc-sha256-pairwise-sub-mapper"
]
}
},
Expand Down Expand Up @@ -2233,23 +2356,23 @@
"clientOfflineSessionMaxLifespan": "0",
"oauth2DevicePollingInterval": "5",
"clientSessionIdleTimeout": "0",
"actionTokenGeneratedByUserLifespan-execute-actions": "",
"userProfileEnabled": "true",
"actionTokenGeneratedByUserLifespan-verify-email": "",
"clientOfflineSessionIdleTimeout": "0",
"actionTokenGeneratedByUserLifespan-reset-credentials": "",
"cibaInterval": "5",
"realmReusableOtpCode": "false",
"cibaExpiresIn": "120",
"oauth2DeviceCodeLifespan": "600",
"actionTokenGeneratedByUserLifespan-idp-verify-account-via-email": "",
"parRequestUriLifespan": "60",
"clientSessionMaxLifespan": "0",
"frontendUrl": "",
"acr.loa.map": "{}",
"actionTokenGeneratedByUserLifespan-execute-actions": "",
"actionTokenGeneratedByUserLifespan-verify-email": "",
"actionTokenGeneratedByUserLifespan-reset-credentials": "",
"actionTokenGeneratedByUserLifespan-idp-verify-account-via-email": "",
"shortVerificationUri": ""
},
"keycloakVersion": "22.0.1",
"keycloakVersion": "22.0.3",
"userManagedAccessAllowed": false,
"clientProfiles": {
"profiles": []
Expand Down

0 comments on commit a23b7a5

Please sign in to comment.