diff --git a/.github/workflows/compose-test.yml b/.github/workflows/compose-test.yml
new file mode 100644
index 0000000..bbc5cce
--- /dev/null
+++ b/.github/workflows/compose-test.yml
@@ -0,0 +1,17 @@
+name: test-compose
+on:
+ - workflow_dispatch
+ - pull_request
+
+jobs:
+ docker:
+ runs-on: ubuntu-latest
+ name: test docker-compose start
+ steps:
+ - uses: actions/checkout@v2
+ - run: mkdir -p databases/{postgres,orientdb}/{backup,data}
+ - run: mkdir keys
+ - run: docker-compose -f "docker-compose.dev.yml" up -d --build
+ - run: bash tests/test-docker-compose.sh
+ - run: docker-compose -f "docker-compose.dev.yml" down
+ if: always()
diff --git a/.github/workflows/npm-test.yml b/.github/workflows/npm-test.yml
index 6cb4fd4..9d7162e 100644
--- a/.github/workflows/npm-test.yml
+++ b/.github/workflows/npm-test.yml
@@ -12,7 +12,7 @@ jobs:
 - uses: actions/checkout@v2
 - name: build the keycloak docker container
 run: |
- docker build --file Dockerfile.auth --tag bcgsc/pori-auth .
+ docker build --file demo/Dockerfile.auth --tag bcgsc/pori-auth .
 docs:
 name: build docs
 runs-on: ubuntu-latest
diff --git a/Dockerfile.auth b/demo/Dockerfile.auth
similarity index 52%
rename from Dockerfile.auth
rename to demo/Dockerfile.auth
index 0bfbd59..f2bc334 100644
--- a/Dockerfile.auth
+++ b/demo/Dockerfile.auth
@@ -1,4 +1,7 @@
-FROM jboss/keycloak:12.0.2
+FROM jboss/keycloak:16.1.1
+USER root
 RUN mkdir -p /tmp/realm_data/
+COPY demo/kc_setup_keyfile.sh /scripts/kc_setup_keyfile.sh
+RUN chmod a+x /scripts/kc_setup_keyfile.sh
 COPY demo/kc_realm_export.json /tmp/realm_data/kc_realm_export.json
 ENV KEYCLOAK_IMPORT=/tmp/realm_data/kc_realm_export.json
diff --git a/demo/kc_realm_export.json b/demo/kc_realm_export.json
index fb9e805..3b7246b 100644
--- a/demo/kc_realm_export.json
+++ b/demo/kc_realm_export.json
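Review bot: The new compose-test workflow declares no `permissions:` block, so the job runs with the repository's default GITHUB_TOKEN scope while it builds and starts containers from the checked-out pull-request code. A top-level `permissions:` with `contents: read` would limit the token to what this job needs. Setting `persist-credentials: false` under `with:` on the checkout step would also keep the token out of `.git/config`, which may fall inside the Docker build context (docker-compose.dev.yml is not visible here, so confirm). `actions/checkout@v2` is a mutable tag; pinning it to a full commit SHA would make the dependency immutable.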
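Review bot: The added `USER root` in demo/Dockerfile.auth is never reverted, so every later layer and the running Keycloak process execute as root; the `+1,7` hunk covers the whole new file and shows no later `USER` line. Root appears to be needed only for the `mkdir`, `COPY` and `chmod` steps, so a final `USER 1000` after the `ENV` line would restore a non-root runtime (UID 1000 is believed to be the unprivileged user of the jboss/keycloak images; confirm against the base image). Because `chmod a+x` already makes the script executable for all users, dropping privileges should not break it, though ownership of `/tmp/realm_data/` is worth checking if the import needs to write there.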
@@ -1,2293 +1,2051 @@ { - "id": "PORI", - "realm": "PORI", - "notBefore": 0, - "revokeRefreshToken": false, - "refreshTokenMaxReuse": 0, - "accessTokenLifespan": 28800, - "accessTokenLifespanForImplicitFlow": 900, - "ssoSessionIdleTimeout": 1800, - "ssoSessionMaxLifespan": 36000, - "ssoSessionIdleTimeoutRememberMe": 0, - "ssoSessionMaxLifespanRememberMe": 0, - "offlineSessionIdleTimeout": 2592000, - "offlineSessionMaxLifespanEnabled": false, - "offlineSessionMaxLifespan": 5184000, - "clientSessionIdleTimeout": 0, - "clientSessionMaxLifespan": 0, - "clientOfflineSessionIdleTimeout": 0, - "clientOfflineSessionMaxLifespan": 0, - "accessCodeLifespan": 60, - "accessCodeLifespanUserAction": 300, - "accessCodeLifespanLogin": 1800, - "actionTokenGeneratedByAdminLifespan": 43200, - "actionTokenGeneratedByUserLifespan": 300, - "enabled": true, - "sslRequired": "external", - "registrationAllowed": false, - "registrationEmailAsUsername": false, - "rememberMe": false, - "verifyEmail": false, - "loginWithEmailAllowed": false, - "duplicateEmailsAllowed": true, - "resetPasswordAllowed": false, - "editUsernameAllowed": false, - "bruteForceProtected": false, - "permanentLockout": false, - "maxFailureWaitSeconds": 900, - "minimumQuickLoginWaitSeconds": 60, - "waitIncrementSeconds": 60, - "quickLoginCheckMilliSeconds": 1000, - "maxDeltaTimeSeconds": 43200, - "failureFactor": 30, - "roles": { - "realm": [ - { - "id": "0985a256-6f5f-4895-9a67-6f6571c5681f", - "name": "uma_authorization", - "description": "${role_uma_authorization}", - "composite": false, - "clientRole": false, - "containerId": "PORI", - "attributes": {} - }, - { - "id": "e6e8831e-4ae6-4e62-8369-37a0b775bfc5", - "name": "admin", - "composite": false, - "clientRole": false, - "containerId": "PORI", - "attributes": {} - }, - { - "id": "7cb4c7eb-3ccc-4448-ac68-a27935e0927d", - "name": "GraphKB", - "description": "Access to the GraphKB web applications", - "composite": false, - "clientRole": false, - "containerId": "PORI", - 
"attributes": {} - }, - { - "id": "bf92e209-1896-4adf-ab73-efc8bb716f84", - "name": "IPR", - "description": "Access to the IPR web application", - "composite": false, - "clientRole": false, - "containerId": "PORI", - "attributes": {} - }, - { - "id": "f83a5b57-ce96-4932-9295-df3ad7e2489c", - "name": "offline_access", - "description": "${role_offline-access}", - "composite": false, - "clientRole": false, - "containerId": "PORI", - "attributes": {} - } - ], - "client": { - "realm-management": [ - { - "id": "d9cebbbc-856d-48e2-b6bc-432dff1765f7", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "847d16cc-4100-4965-ae74-f058ebf92dc6", - "attributes": {} - }, - { - "id": "c644fec5-3274-41ff-baec-5110f8db842a", - "name": "manage-users", - "description": "${role_manage-users}", - "composite": false, - "clientRole": true, - "containerId": "847d16cc-4100-4965-ae74-f058ebf92dc6", - "attributes": {} - }, - { - "id": "9254504b-2cba-42e6-b23b-d3b32b486ffa", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "847d16cc-4100-4965-ae74-f058ebf92dc6", - "attributes": {} - }, - { - "id": "0a744eca-673c-4598-97e2-ea0b8f44c79b", - "name": "view-clients", - "description": "${role_view-clients}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-clients" - ] - } - }, - "clientRole": true, - "containerId": "847d16cc-4100-4965-ae74-f058ebf92dc6", - "attributes": {} - }, - { - "id": "5bd9794b-ab37-4357-adc3-a873e1f9ff2e", - "name": "query-clients", - "description": "${role_query-clients}", - "composite": false, - "clientRole": true, - "containerId": "847d16cc-4100-4965-ae74-f058ebf92dc6", - "attributes": {} - }, - { - "id": "f59c595c-0e04-42a8-87d2-4e92c2bc8a91", - "name": "query-realms", - "description": "${role_query-realms}", - "composite": false, - "clientRole": true, - 
"containerId": "847d16cc-4100-4965-ae74-f058ebf92dc6", - "attributes": {} - }, - { - "id": "8dd6ce2d-76cd-43fb-8b85-66c0d85b7e1f", - "name": "view-realm", - "description": "${role_view-realm}", - "composite": false, - "clientRole": true, - "containerId": "847d16cc-4100-4965-ae74-f058ebf92dc6", - "attributes": {} - }, - { - "id": "1ab6c9f4-438e-4e92-b2ff-8d613d19333d", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "847d16cc-4100-4965-ae74-f058ebf92dc6", - "attributes": {} - }, - { - "id": "8050e61e-ad87-4c50-a74b-64158bf24351", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", - "composite": false, - "clientRole": true, - "containerId": "847d16cc-4100-4965-ae74-f058ebf92dc6", - "attributes": {} - }, - { - "id": "c96d3c70-8168-4dd9-a72e-cfd20a45eb7f", - "name": "realm-admin", - "description": "${role_realm-admin}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "manage-identity-providers", - "query-users", - "manage-users", - "view-clients", - "query-clients", - "query-realms", - "view-realm", - "manage-events", - "view-identity-providers", - "manage-authorization", - "view-events", - "manage-clients", - "impersonation", - "query-groups", - "view-authorization", - "view-users", - "manage-realm", - "create-client" - ] - } - }, - "clientRole": true, - "containerId": "847d16cc-4100-4965-ae74-f058ebf92dc6", - "attributes": {} - }, - { - "id": "583350f3-fd2a-48cb-8c28-333a21aad243", - "name": "manage-authorization", - "description": "${role_manage-authorization}", - "composite": false, - "clientRole": true, - "containerId": "847d16cc-4100-4965-ae74-f058ebf92dc6", - "attributes": {} - }, - { - "id": "73b49480-5796-4def-ae6f-dc940a26bef9", - "name": "manage-clients", - "description": "${role_manage-clients}", - "composite": false, - "clientRole": true, - "containerId": "847d16cc-4100-4965-ae74-f058ebf92dc6", - 
"attributes": {} - }, - { - "id": "2416f8da-7a8a-4b21-a002-4b2d9c061892", - "name": "view-events", - "description": "${role_view-events}", - "composite": false, - "clientRole": true, - "containerId": "847d16cc-4100-4965-ae74-f058ebf92dc6", - "attributes": {} - }, - { - "id": "222f3776-feb2-4415-aa00-acc3ee706990", - "name": "impersonation", - "description": "${role_impersonation}", - "composite": false, - "clientRole": true, - "containerId": "847d16cc-4100-4965-ae74-f058ebf92dc6", - "attributes": {} - }, - { - "id": "4d5da0f4-dfaf-4a48-aba0-676e5b0c4476", - "name": "query-groups", - "description": "${role_query-groups}", - "composite": false, - "clientRole": true, - "containerId": "847d16cc-4100-4965-ae74-f058ebf92dc6", - "attributes": {} - }, - { - "id": "179ea605-3fc3-4988-92a2-5130f63bcd2c", - "name": "view-authorization", - "description": "${role_view-authorization}", - "composite": false, - "clientRole": true, - "containerId": "847d16cc-4100-4965-ae74-f058ebf92dc6", - "attributes": {} - }, - { - "id": "dae56acd-519f-4c00-bd91-b33b6960f871", - "name": "view-users", - "description": "${role_view-users}", - "composite": true, - "composites": { - "client": { - "realm-management": [ - "query-users", - "query-groups" - ] - } - }, - "clientRole": true, - "containerId": "847d16cc-4100-4965-ae74-f058ebf92dc6", - "attributes": {} - }, - { - "id": "dce777b4-6273-4df1-ab9a-ee3c2521db20", - "name": "manage-realm", - "description": "${role_manage-realm}", - "composite": false, - "clientRole": true, - "containerId": "847d16cc-4100-4965-ae74-f058ebf92dc6", - "attributes": {} - }, - { - "id": "d5da36d6-fc8e-4472-9d39-1db9f6383a5d", - "name": "create-client", - "description": "${role_create-client}", - "composite": false, - "clientRole": true, - "containerId": "847d16cc-4100-4965-ae74-f058ebf92dc6", - "attributes": {} - } - ], - "security-admin-console": [], - "admin-cli": [], - "IPR": [], - "GraphKB": [ - { - "id": "7e1dc7b3-5a9e-43ba-ba4b-8beae463fc44", - "name": 
"uma_protection", - "composite": false, - "clientRole": true, - "containerId": "c4dfdf5a-ec62-419d-a646-5f35b0f8f680", - "attributes": {} - }, - { - "id": "bd6b8dc0-2228-4655-a96a-740fc768945a", - "name": "admin", - "description": "Administrative Access to the GraphKB application", - "composite": false, - "clientRole": true, - "containerId": "c4dfdf5a-ec62-419d-a646-5f35b0f8f680", - "attributes": {} - } - ], - "account-console": [], - "broker": [ - { - "id": "a30f3ba9-b728-44a4-944b-50a0dbcbd479", - "name": "read-token", - "description": "${role_read-token}", - "composite": false, - "clientRole": true, - "containerId": "90dbac95-e2f8-45b7-ab82-069e15961525", - "attributes": {} - } - ], - "2fa": [], - "account": [ - { - "id": "cbfec8f9-a6db-4dcc-8e3f-8ad77bf1cc18", - "name": "view-consent", - "description": "${role_view-consent}", - "composite": false, - "clientRole": true, - "containerId": "d5c12dcc-0aee-407c-a7cf-642edb2779fe", - "attributes": {} - }, - { - "id": "33dbc5e9-0849-4128-824f-64fd55d6e1e5", - "name": "manage-account", - "description": "${role_manage-account}", - "composite": true, - "composites": { - "client": { - "account": [ - "manage-account-links" - ] - } - }, - "clientRole": true, - "containerId": "d5c12dcc-0aee-407c-a7cf-642edb2779fe", - "attributes": {} - }, - { - "id": "9a32fbde-14b7-42a2-9db2-193305173b80", - "name": "manage-consent", - "description": "${role_manage-consent}", - "composite": true, - "composites": { - "client": { - "account": [ - "view-consent" - ] - } - }, - "clientRole": true, - "containerId": "d5c12dcc-0aee-407c-a7cf-642edb2779fe", - "attributes": {} - }, - { - "id": "144cfa9f-db2f-4794-be65-1f4f46e14363", - "name": "view-profile", - "description": "${role_view-profile}", - "composite": false, - "clientRole": true, - "containerId": "d5c12dcc-0aee-407c-a7cf-642edb2779fe", - "attributes": {} - }, - { - "id": "9e79f9af-56ca-44c0-b40e-5fae8b8baa9b", - "name": "delete-account", - "description": "${role_delete-account}", - 
"composite": false, - "clientRole": true, - "containerId": "d5c12dcc-0aee-407c-a7cf-642edb2779fe", - "attributes": {} - }, - { - "id": "8c2ab5dd-9306-4362-b753-5bf0de31bc52", - "name": "manage-account-links", - "description": "${role_manage-account-links}", - "composite": false, - "clientRole": true, - "containerId": "d5c12dcc-0aee-407c-a7cf-642edb2779fe", - "attributes": {} - }, - { - "id": "1b1523d0-e705-4556-bbdb-736e4f2be166", - "name": "view-applications", - "description": "${role_view-applications}", - "composite": false, - "clientRole": true, - "containerId": "d5c12dcc-0aee-407c-a7cf-642edb2779fe", - "attributes": {} - } - ] + "id" : "PORI", + "realm" : "PORI", + "notBefore" : 0, + "defaultSignatureAlgorithm" : "RS256", + "revokeRefreshToken" : false, + "refreshTokenMaxReuse" : 0, + "accessTokenLifespan" : 28800, + "accessTokenLifespanForImplicitFlow" : 900, + "ssoSessionIdleTimeout" : 1800, + "ssoSessionMaxLifespan" : 36000, + "ssoSessionIdleTimeoutRememberMe" : 0, + "ssoSessionMaxLifespanRememberMe" : 0, + "offlineSessionIdleTimeout" : 2592000, + "offlineSessionMaxLifespanEnabled" : false, + "offlineSessionMaxLifespan" : 5184000, + "clientSessionIdleTimeout" : 0, + "clientSessionMaxLifespan" : 0, + "clientOfflineSessionIdleTimeout" : 0, + "clientOfflineSessionMaxLifespan" : 0, + "accessCodeLifespan" : 60, + "accessCodeLifespanUserAction" : 300, + "accessCodeLifespanLogin" : 1800, + "actionTokenGeneratedByAdminLifespan" : 43200, + "actionTokenGeneratedByUserLifespan" : 300, + "oauth2DeviceCodeLifespan" : 600, + "oauth2DevicePollingInterval" : 5, + "enabled" : true, + "sslRequired" : "external", + "registrationAllowed" : false, + "registrationEmailAsUsername" : false, + "rememberMe" : false, + "verifyEmail" : false, + "loginWithEmailAllowed" : false, + "duplicateEmailsAllowed" : true, + "resetPasswordAllowed" : false, + "editUsernameAllowed" : false, + "bruteForceProtected" : false, + "permanentLockout" : false, + "maxFailureWaitSeconds" : 900, + 
"minimumQuickLoginWaitSeconds" : 60, + "waitIncrementSeconds" : 60, + "quickLoginCheckMilliSeconds" : 1000, + "maxDeltaTimeSeconds" : 43200, + "failureFactor" : 30, + "roles" : { + "realm" : [ { + "id" : "0985a256-6f5f-4895-9a67-6f6571c5681f", + "name" : "uma_authorization", + "description" : "${role_uma_authorization}", + "composite" : false, + "clientRole" : false, + "containerId" : "PORI", + "attributes" : { } + }, { + "id" : "f8755b6e-46eb-4ca6-bebd-2e827fb6fa05", + "name" : "default-roles-pori", + "description" : "${role_default-roles}", + "composite" : true, + "composites" : { + "realm" : [ "offline_access", "uma_authorization" ], + "client" : { + "account" : [ "view-profile", "manage-account" ] } - }, - "groups": [ - { - "id": "e2033a9f-fc05-4781-84da-e0f9302baec8", - "name": "allusers", - "path": "/allusers", - "attributes": {}, - "realmRoles": [], - "clientRoles": {}, - "subGroups": [] - } - ], - "defaultRoles": [ - "uma_authorization", - "offline_access" - ], - "requiredCredentials": [ - "password" - ], - "otpPolicyType": "totp", - "otpPolicyAlgorithm": "HmacSHA1", - "otpPolicyInitialCounter": 0, - "otpPolicyDigits": 6, - "otpPolicyLookAheadWindow": 1, - "otpPolicyPeriod": 30, - "otpSupportedApplications": [ - "FreeOTP", - "Google Authenticator" - ], - "webAuthnPolicyRpEntityName": "keycloak", - "webAuthnPolicySignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyRpId": "", - "webAuthnPolicyAttestationConveyancePreference": "not specified", - "webAuthnPolicyAuthenticatorAttachment": "not specified", - "webAuthnPolicyRequireResidentKey": "not specified", - "webAuthnPolicyUserVerificationRequirement": "not specified", - "webAuthnPolicyCreateTimeout": 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyAcceptableAaguids": [], - "webAuthnPolicyPasswordlessRpEntityName": "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyPasswordlessRpId": "", - 
"webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", - "webAuthnPolicyPasswordlessCreateTimeout": 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyPasswordlessAcceptableAaguids": [], - "scopeMappings": [ - { - "clientScope": "offline_access", - "roles": [ - "offline_access" - ] - } - ], - "clientScopeMappings": { - "account": [ - { - "client": "account-console", - "roles": [ - "manage-account" - ] - } - ] - }, - "clients": [ - { - "id": "54b10b5c-dd42-4090-941c-a275e3b9b6b4", - "clientId": "2fa", - "baseUrl": "", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "*" - ], - "webOrigins": [ - "*" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "exclude.session.state.from.auth.response": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - 
"web-origins", - "role_list", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "c4dfdf5a-ec62-419d-a646-5f35b0f8f680", - "clientId": "GraphKB", - "rootUrl": "", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "http://0.0.0.0:3000/*", - "http://0.0.0.0:5000/*", - "http://localhost:3000/*", - "http://localhost:5000/*", - "https://pori-demo.bcgsc.ca/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": true, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "access.token.lifespan": "86400", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "exclude.session.state.from.auth.response": "false", - "backchannel.logout.session.required": "false", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "protocolMappers": [ - { - "id": "436d7b81-3eae-44d4-81bf-715097413945", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - 
"user.session.note": "clientId", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientId", - "jsonType.label": "String" - } - }, - { - "id": "f3c0ec9c-b730-45b4-bcf9-e2dca811b7af", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - }, - { - "id": "e0b7f359-c6b1-4a94-b702-805ab945f5f9", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "userinfo.token.claim": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "role_list", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "01d64c4b-6797-4d0a-80bb-50565b5ae493", - "clientId": "IPR", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "http://0.0.0.0:3000/*", - "http://0.0.0.0:5000/*", - "http://localhost:3000/*", - "http://localhost:5000/*", - "https://pori-demo.bcgsc.ca/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": 
"false", - "access.token.lifespan": "86400", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "exclude.session.state.from.auth.response": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "role_list", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "d5c12dcc-0aee-407c-a7cf-642edb2779fe", - "clientId": "account", - "name": "${client_account}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/PORI/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "defaultRoles": [ - "view-profile", - "manage-account" - ], - "redirectUris": [ - "/realms/PORI/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "role_list", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "a88d4e2c-e6b3-4cf8-9b31-1320441cdca4", - 
"clientId": "account-console", - "name": "${client_account-console}", - "rootUrl": "${authBaseUrl}", - "baseUrl": "/realms/PORI/account/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "/realms/PORI/account/*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "1602f606-94bc-49e7-93f3-2332379d6657", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - } - ], - "defaultClientScopes": [ - "web-origins", - "role_list", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "0002685a-6e7a-4d5e-8281-fd45217b4b04", - "clientId": "admin-cli", - "name": "${client_admin-cli}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": false, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - 
"nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "role_list", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "90dbac95-e2f8-45b7-ab82-069e15961525", - "clientId": "broker", - "name": "${client_broker}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "role_list", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "847d16cc-4100-4965-ae74-f058ebf92dc6", - "clientId": "realm-management", - "name": "${client_realm-management}", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": true, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": {}, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "role_list", - "profile", - "roles", - "email" 
- ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access" - ] - }, - { - "id": "f5884b4f-c044-443d-b386-3ef48c0cca6a", - "clientId": "security-admin-console", - "name": "${client_security-admin-console}", - "rootUrl": "${authAdminUrl}", - "baseUrl": "/admin/PORI/console/", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "**********", - "redirectUris": [ - "/admin/PORI/console/*" - ], - "webOrigins": [ - "+" - ], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": true, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "pkce.code.challenge.method": "S256" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "protocolMappers": [ - { - "id": "f9f9b31b-fa62-4f95-bbc6-8e57abe45b44", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - } - ], - "defaultClientScopes": [ - "web-origins", - "role_list", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - } - ], - "clientScopes": [ - { - "id": "80d6cc08-e4d0-446b-ac1f-40689162613c", - "name": "address", - "description": "OpenID Connect built-in scope: address", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${addressScopeConsentText}" - }, - "protocolMappers": [ - { - "id": 
"e6f74644-e527-4c58-adb1-fe34dac63681", - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - } - ] - }, - { - "id": "fd8b65bc-48b8-4222-bb0c-0b4cc8ff6f60", - "name": "email", - "description": "OpenID Connect built-in scope: email", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${emailScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "1201f82f-b125-4b00-a661-aed3ee53d80e", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - }, - { - "id": "114943e3-49fb-4852-a968-b2c90e3c08aa", - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" - } - } - ] + }, + "clientRole" : false, + "containerId" : "PORI", + "attributes" : { } + }, { + "id" : "e6e8831e-4ae6-4e62-8369-37a0b775bfc5", + "name" : "admin", + "composite" : false, + "clientRole" : false, + "containerId" : "PORI", + "attributes" : { } + }, { + "id" : "7cb4c7eb-3ccc-4448-ac68-a27935e0927d", + "name" : "GraphKB", + 
"description" : "Access to the GraphKB web applications", + "composite" : false, + "clientRole" : false, + "containerId" : "PORI", + "attributes" : { } + }, { + "id" : "bf92e209-1896-4adf-ab73-efc8bb716f84", + "name" : "IPR", + "description" : "Access to the IPR web application", + "composite" : false, + "clientRole" : false, + "containerId" : "PORI", + "attributes" : { } + }, { + "id" : "f83a5b57-ce96-4932-9295-df3ad7e2489c", + "name" : "offline_access", + "description" : "${role_offline-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "PORI", + "attributes" : { } + } ], + "client" : { + "realm-management" : [ { + "id" : "d9cebbbc-856d-48e2-b6bc-432dff1765f7", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "847d16cc-4100-4965-ae74-f058ebf92dc6", + "attributes" : { } + }, { + "id" : "c644fec5-3274-41ff-baec-5110f8db842a", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "847d16cc-4100-4965-ae74-f058ebf92dc6", + "attributes" : { } + }, { + "id" : "9254504b-2cba-42e6-b23b-d3b32b486ffa", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "847d16cc-4100-4965-ae74-f058ebf92dc6", + "attributes" : { } + }, { + "id" : "0a744eca-673c-4598-97e2-ea0b8f44c79b", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-clients" ] + } }, - { - "id": "93d88027-3cc9-46ca-b846-22d06897457d", - "name": "microprofile-jwt", - "description": "Microprofile - JWT built-in scope", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "d720e221-a69d-415e-80c7-01f3faf9a46b", - "name": 
"upn", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "upn", - "jsonType.label": "String" - } - }, - { - "id": "2e304196-66a7-4179-a0ef-89de948015f7", - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - } - ] + "clientRole" : true, + "containerId" : "847d16cc-4100-4965-ae74-f058ebf92dc6", + "attributes" : { } + }, { + "id" : "5bd9794b-ab37-4357-adc3-a873e1f9ff2e", + "name" : "query-clients", + "description" : "${role_query-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "847d16cc-4100-4965-ae74-f058ebf92dc6", + "attributes" : { } + }, { + "id" : "f59c595c-0e04-42a8-87d2-4e92c2bc8a91", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : false, + "clientRole" : true, + "containerId" : "847d16cc-4100-4965-ae74-f058ebf92dc6", + "attributes" : { } + }, { + "id" : "8dd6ce2d-76cd-43fb-8b85-66c0d85b7e1f", + "name" : "view-realm", + "description" : "${role_view-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "847d16cc-4100-4965-ae74-f058ebf92dc6", + "attributes" : { } + }, { + "id" : "1ab6c9f4-438e-4e92-b2ff-8d613d19333d", + "name" : "manage-events", + "description" : "${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "847d16cc-4100-4965-ae74-f058ebf92dc6", + "attributes" : { } + }, { + "id" : "8050e61e-ad87-4c50-a74b-64158bf24351", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + 
"containerId" : "847d16cc-4100-4965-ae74-f058ebf92dc6", + "attributes" : { } + }, { + "id" : "c96d3c70-8168-4dd9-a72e-cfd20a45eb7f", + "name" : "realm-admin", + "description" : "${role_realm-admin}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "manage-identity-providers", "query-users", "manage-users", "view-clients", "query-clients", "query-realms", "view-realm", "manage-events", "view-identity-providers", "manage-authorization", "view-events", "manage-clients", "impersonation", "query-groups", "view-authorization", "view-users", "manage-realm", "create-client" ] + } }, - { - "id": "1b050b28-b9f2-4e09-9cec-00e041b88d5d", - "name": "offline_access", - "description": "OpenID Connect built-in scope: offline_access", - "protocol": "openid-connect", - "attributes": { - "consent.screen.text": "${offlineAccessScopeConsentText}", - "display.on.consent.screen": "true" - } + "clientRole" : true, + "containerId" : "847d16cc-4100-4965-ae74-f058ebf92dc6", + "attributes" : { } + }, { + "id" : "583350f3-fd2a-48cb-8c28-333a21aad243", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "847d16cc-4100-4965-ae74-f058ebf92dc6", + "attributes" : { } + }, { + "id" : "73b49480-5796-4def-ae6f-dc940a26bef9", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "847d16cc-4100-4965-ae74-f058ebf92dc6", + "attributes" : { } + }, { + "id" : "2416f8da-7a8a-4b21-a002-4b2d9c061892", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "847d16cc-4100-4965-ae74-f058ebf92dc6", + "attributes" : { } + }, { + "id" : "222f3776-feb2-4415-aa00-acc3ee706990", + "name" : "impersonation", + "description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : 
"847d16cc-4100-4965-ae74-f058ebf92dc6", + "attributes" : { } + }, { + "id" : "4d5da0f4-dfaf-4a48-aba0-676e5b0c4476", + "name" : "query-groups", + "description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "847d16cc-4100-4965-ae74-f058ebf92dc6", + "attributes" : { } + }, { + "id" : "179ea605-3fc3-4988-92a2-5130f63bcd2c", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "847d16cc-4100-4965-ae74-f058ebf92dc6", + "attributes" : { } + }, { + "id" : "dae56acd-519f-4c00-bd91-b33b6960f871", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-users", "query-groups" ] + } }, - { - "id": "d297b787-a825-4426-b3db-db0d38ebd7df", - "name": "phone", - "description": "OpenID Connect built-in scope: phone", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${phoneScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "b0c6137e-fd49-4688-9311-b212e9d13a38", - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" - } - }, - { - "id": "3231d2f7-29fb-4c32-ab64-5d3a90fe9e3b", - "name": "phone number verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" - } - } - ] + 
"clientRole" : true, + "containerId" : "847d16cc-4100-4965-ae74-f058ebf92dc6", + "attributes" : { } + }, { + "id" : "dce777b4-6273-4df1-ab9a-ee3c2521db20", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "847d16cc-4100-4965-ae74-f058ebf92dc6", + "attributes" : { } + }, { + "id" : "d5da36d6-fc8e-4472-9d39-1db9f6383a5d", + "name" : "create-client", + "description" : "${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : "847d16cc-4100-4965-ae74-f058ebf92dc6", + "attributes" : { } + } ], + "security-admin-console" : [ ], + "admin-cli" : [ ], + "IPR" : [ ], + "GraphKB" : [ { + "id" : "7e1dc7b3-5a9e-43ba-ba4b-8beae463fc44", + "name" : "uma_protection", + "composite" : false, + "clientRole" : true, + "containerId" : "c4dfdf5a-ec62-419d-a646-5f35b0f8f680", + "attributes" : { } + }, { + "id" : "bd6b8dc0-2228-4655-a96a-740fc768945a", + "name" : "admin", + "description" : "Administrative Access to the GraphKB application", + "composite" : false, + "clientRole" : true, + "containerId" : "c4dfdf5a-ec62-419d-a646-5f35b0f8f680", + "attributes" : { } + } ], + "account-console" : [ ], + "broker" : [ { + "id" : "a30f3ba9-b728-44a4-944b-50a0dbcbd479", + "name" : "read-token", + "description" : "${role_read-token}", + "composite" : false, + "clientRole" : true, + "containerId" : "90dbac95-e2f8-45b7-ab82-069e15961525", + "attributes" : { } + } ], + "2fa" : [ ], + "account" : [ { + "id" : "cbfec8f9-a6db-4dcc-8e3f-8ad77bf1cc18", + "name" : "view-consent", + "description" : "${role_view-consent}", + "composite" : false, + "clientRole" : true, + "containerId" : "d5c12dcc-0aee-407c-a7cf-642edb2779fe", + "attributes" : { } + }, { + "id" : "33dbc5e9-0849-4128-824f-64fd55d6e1e5", + "name" : "manage-account", + "description" : "${role_manage-account}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "manage-account-links" ] + } }, - { - "id": 
"789237c5-6d88-41a0-a7e1-530368d6265e", - "name": "profile", - "description": "OpenID Connect built-in scope: profile", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${profileScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "e7653223-8515-4a41-b939-89d2e962bdee", - "name": "birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "birthdate", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" - } - }, - { - "id": "77756ec1-381b-43a8-acaf-8665cf6c26cf", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "f5cbb3f3-3806-4e4c-973f-44af4c026729", - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" - } - }, - { - "id": "5a107cad-90ca-4313-ad8f-2d49369bf61f", - "name": "updated at", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "updatedAt", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "updated_at", - "jsonType.label": "String" - } - }, - { - "id": "c141e6f9-dc4e-4b5d-a2b9-4514ea0b2b4a", - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": 
false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "nickname", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" - } - }, - { - "id": "c310863a-f1c8-4273-85ee-e867e6cd9bc1", - "name": "middle name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "middleName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" - } - }, - { - "id": "1721856b-1b78-486c-be85-828b9ffbe1ca", - "name": "website", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "website", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "website", - "jsonType.label": "String" - } - }, - { - "id": "d878c38a-f206-4e37-bea0-3e3f80d4c94c", - "name": "gender", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "gender", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" - } - }, - { - "id": "8c297079-e409-4021-98f0-98d8626ad888", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - }, - { - "id": "bbad21ce-2618-4181-ac6f-bfae14e960e5", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - 
"userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "id": "34e08486-d9b4-4165-9e93-593b5b95a17e", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "id": "ef031999-432c-48c5-b3bf-eb420476f801", - "name": "zoneinfo", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" - } - }, - { - "id": "95d05c4d-3ae6-4061-b32a-5990bd15e507", - "name": "profile", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" - } - }, - { - "id": "c5199596-dfee-48d1-90f8-2c3f605f6a04", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String" - } - } - ] + "clientRole" : true, + "containerId" : "d5c12dcc-0aee-407c-a7cf-642edb2779fe", + "attributes" : { } + }, { + "id" : "9a32fbde-14b7-42a2-9db2-193305173b80", + "name" : "manage-consent", + "description" : 
"${role_manage-consent}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "view-consent" ] + } }, - { - "id": "dfc63d4d-8582-4a21-b289-e3c351b10356", - "name": "role_list", - "description": "SAML role list", - "protocol": "saml", - "attributes": { - "consent.screen.text": "${samlRoleListScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "3b461783-0a10-49a7-b4f2-a38ef20ac4ce", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - } - ] - }, - { - "id": "c0b1342a-9c37-46b1-8dce-7dc503db61d0", - "name": "roles", - "description": "OpenID Connect scope for add user roles to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "true", - "consent.screen.text": "${rolesScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "0d4e2d2a-05df-4fd9-beff-218d89dd3adb", - "name": "client roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": "c606f563-6147-4bc7-b9e8-e1591e2e8669", - "name": "realm roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "realm_access.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "id": "05fe3edf-da15-48cb-bf46-fda14d60907b", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} 
- } - ] - }, - { - "id": "2b631976-8c69-46e7-9974-86aac77aefa3", - "name": "web-origins", - "description": "OpenID Connect scope for add allowed web origins to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false", - "consent.screen.text": "" - }, - "protocolMappers": [ - { - "id": "173cbd36-cca3-4970-a64f-c32b4246aee8", - "name": "allowed web origins", - "protocol": "openid-connect", - "protocolMapper": "oidc-allowed-origins-mapper", - "consentRequired": false, - "config": {} - } - ] - } - ], - "defaultDefaultClientScopes": [ - "web-origins", - "profile", - "roles", - "role_list", - "email" - ], - "defaultOptionalClientScopes": [ - "offline_access", - "address", - "microprofile-jwt", - "phone" - ], - "browserSecurityHeaders": { - "contentSecurityPolicyReportOnly": "", - "xContentTypeOptions": "nosniff", - "xRobotsTag": "none", - "xFrameOptions": "SAMEORIGIN", - "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection": "1; mode=block", - "strictTransportSecurity": "max-age=31536000; includeSubDomains" + "clientRole" : true, + "containerId" : "d5c12dcc-0aee-407c-a7cf-642edb2779fe", + "attributes" : { } + }, { + "id" : "144cfa9f-db2f-4794-be65-1f4f46e14363", + "name" : "view-profile", + "description" : "${role_view-profile}", + "composite" : false, + "clientRole" : true, + "containerId" : "d5c12dcc-0aee-407c-a7cf-642edb2779fe", + "attributes" : { } + }, { + "id" : "9e79f9af-56ca-44c0-b40e-5fae8b8baa9b", + "name" : "delete-account", + "description" : "${role_delete-account}", + "composite" : false, + "clientRole" : true, + "containerId" : "d5c12dcc-0aee-407c-a7cf-642edb2779fe", + "attributes" : { } + }, { + "id" : "8c2ab5dd-9306-4362-b753-5bf0de31bc52", + "name" : "manage-account-links", + "description" : "${role_manage-account-links}", + "composite" : false, + "clientRole" : true, + "containerId" : 
"d5c12dcc-0aee-407c-a7cf-642edb2779fe", + "attributes" : { } + }, { + "id" : "1b1523d0-e705-4556-bbdb-736e4f2be166", + "name" : "view-applications", + "description" : "${role_view-applications}", + "composite" : false, + "clientRole" : true, + "containerId" : "d5c12dcc-0aee-407c-a7cf-642edb2779fe", + "attributes" : { } + } ] + } + }, + "groups" : [ { + "id" : "e2033a9f-fc05-4781-84da-e0f9302baec8", + "name" : "allusers", + "path" : "/allusers", + "attributes" : { }, + "realmRoles" : [ ], + "clientRoles" : { }, + "subGroups" : [ ] + } ], + "defaultRole" : { + "id" : "f8755b6e-46eb-4ca6-bebd-2e827fb6fa05", + "name" : "default-roles-pori", + "description" : "${role_default-roles}", + "composite" : true, + "clientRole" : false, + "containerId" : "PORI" + }, + "requiredCredentials" : [ "password" ], + "otpPolicyType" : "totp", + "otpPolicyAlgorithm" : "HmacSHA1", + "otpPolicyInitialCounter" : 0, + "otpPolicyDigits" : 6, + "otpPolicyLookAheadWindow" : 1, + "otpPolicyPeriod" : 30, + "otpSupportedApplications" : [ "FreeOTP", "Google Authenticator" ], + "webAuthnPolicyRpEntityName" : "keycloak", + "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyRpId" : "", + "webAuthnPolicyAttestationConveyancePreference" : "not specified", + "webAuthnPolicyAuthenticatorAttachment" : "not specified", + "webAuthnPolicyRequireResidentKey" : "not specified", + "webAuthnPolicyUserVerificationRequirement" : "not specified", + "webAuthnPolicyCreateTimeout" : 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyAcceptableAaguids" : [ ], + "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyPasswordlessRpId" : "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", + 
"webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", + "webAuthnPolicyPasswordlessCreateTimeout" : 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], + "users" : [ { + "id" : "5db8d738-b2b7-418a-b0f2-e5f08766675c", + "createdTimestamp" : 1645217918593, + "username" : "colab_demo", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "credentials" : [ { + "id" : "d6f05740-36ab-48d3-8416-308127e1f68e", + "type" : "password", + "createdDate" : 1645217918770, + "secretData" : "{\"value\":\"xvMGre9JyjVwatelekskEsxM16fT/pStFkphLpENT+8nvvjb5XcDuo7vgecVD3FcfRdSvRy2v+vqjTcpSXhLQQ==\",\"salt\":\"h3LOGZ8Tn/n2lI31o/zWRQ==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-pori", "GraphKB", "IPR" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "dbcb2359-bfcc-491f-abe7-4fb2e0e5cd33", + "createdTimestamp" : 1645217917933, + "username" : "graphkb_admin", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "credentials" : [ { + "id" : "ae8c5409-1cdf-4338-a1a7-b5662f85bf7d", + "type" : "password", + "createdDate" : 1645217918125, + "secretData" : "{\"value\":\"CwvQRbm9zgUa0OA6v+L8uEdd/jK7iJNq6kZApvTAcUpOOVaLtTVoAuvc9VzR/7p6lcdts82DNlzHINitpRcA2A==\",\"salt\":\"YkITGCVovcQgZvOlfPXdpw==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-pori", "GraphKB", "IPR" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "5a4bebec-fe7b-4bff-a21a-f747a644f93f", + "createdTimestamp" : 1645217918160, + "username" : "graphkb_importer", + "enabled" : true, + "totp" : false, + 
"emailVerified" : false, + "credentials" : [ { + "id" : "6fef9f6a-e979-4902-978a-fa4b8cbb343c", + "type" : "password", + "createdDate" : 1645217918336, + "secretData" : "{\"value\":\"YKf46iMdF4vzd48OrOYLEoLVh8kqqznfOXBH9xGYVaa+ApvjtIGmkvvOI3/dZ+sNQXu80XJIXQ7a2yGzVWJzKg==\",\"salt\":\"ExA97QOwMKFvzeLaexK6Xg==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-pori", "GraphKB", "IPR" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "8a84863a-f8a1-4a7d-a1cf-d248f4aab314", + "createdTimestamp" : 1645217918364, + "username" : "ipr_graphkb_link", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "credentials" : [ { + "id" : "af973256-df69-4f0d-bf46-f887239a5781", + "type" : "password", + "createdDate" : 1645217918542, + "secretData" : "{\"value\":\"ZU7TFar//M3DRPKGT132REBaiJ0AngU+UdM6XsrrGcfTyOAPO3qtp2s7yRcdoH+XqhtPLd1rxcPJVEmFDO06Cw==\",\"salt\":\"y2duZYEwBq+tDRf5HwoCdA==\",\"additionalParameters\":{}}", + "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-pori", "GraphKB", "IPR" ], + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "d09f87fd-1b30-4e49-a89f-bbaea5ee31c9", + "createdTimestamp" : 1612555868634, + "username" : "iprdemo", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "firstName" : "ipr", + "lastName" : "demo", + "credentials" : [ { + "id" : "24449f8e-cb4a-47d0-be42-43f0dc8f0f73", + "type" : "password", + "createdDate" : 1612556446213, + "secretData" : "{\"value\":\"R+juG1x1JJmUPXZMJQGQ2cYFn+pD4IS9qsVRqzDjfFuKGs2XX5PEUNM5H7GYCJmHdi4CK69HKBMGlDWcqCKswg==\",\"salt\":\"GALUISM7zzvRZOZsl48lBA==\"}", + "credentialData" : 
"{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-pori", "uma_authorization", "GraphKB", "IPR", "offline_access" ], + "clientRoles" : { + "account" : [ "view-profile", "manage-account" ] }, - "smtpServer": {}, - "loginTheme": "keycloak", - "accountTheme": "keycloak", - "adminTheme": "keycloak", - "eventsEnabled": true, - "eventsExpiration": 2592000, - "eventsListeners": [ - "jboss-logging" - ], - "enabledEventTypes": [ - "TOKEN_EXCHANGE", - "LOGIN_ERROR", - "CLIENT_LOGIN", - "CODE_TO_TOKEN", - "LOGIN" - ], - "adminEventsEnabled": false, - "adminEventsDetailsEnabled": false, - "identityProviders": [], - "identityProviderMappers": [], - "components": { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "1dcc5b4d-d3f7-41e8-a842-f339d461af8d", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", - "subType": "anonymous", - "subComponents": {}, - "config": { - "host-sending-registration-request-must-match": [ - "true" - ], - "client-uris-must-match": [ - "true" - ] - } - }, - { - "id": "950012dc-46e4-4349-9520-3b4e633dca40", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "58a6669f-bb9b-4377-853b-c6415c2248bd", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "6f540ac1-f39e-402f-8bcf-1b0cb139efc4", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "e1223b7e-4725-4711-825f-22a1e26aca7f", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - 
"allowed-protocol-mapper-types": [ - "oidc-full-name-mapper", - "saml-user-property-mapper", - "oidc-address-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-usermodel-property-mapper", - "saml-user-attribute-mapper", - "saml-role-list-mapper", - "oidc-usermodel-attribute-mapper" - ] - } - }, - { - "id": "3f730dc2-0620-4c6a-9203-65147c847f09", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-usermodel-property-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-full-name-mapper", - "oidc-address-mapper", - "saml-role-list-mapper", - "saml-user-attribute-mapper", - "saml-user-property-mapper", - "oidc-usermodel-attribute-mapper" - ] - } - }, - { - "id": "371c7fa1-594b-41f2-8062-cc31aff8ad80", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, - "config": { - "max-clients": [ - "200" - ] - } - }, - { - "id": "4b990959-ff0e-4438-a389-6df3d43c4438", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - } - ], - "org.keycloak.keys.KeyProvider": [ - { - "id": "18891d36-57af-486c-bfcb-480fcea516a0", - "name": "rsa-generated", - "providerId": "rsa-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - }, - { - "id": "0087ee0d-e52a-446f-888a-4ec1d2e551cc", - "name": "hmac-generated", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "HS256" - ] - } - }, - { - "id": "1fd252b2-b205-4fda-ab3a-52f8c8298dc2", - "name": "aes-generated", - "providerId": "aes-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - } - ] + "notBefore" : 0, + "groups" : [ ] + }, { + "id" : "becc9cf6-043c-408c-a8a0-14ec40e536d5", + 
"createdTimestamp" : 1645217878730, + "username" : "service-account-graphkb", + "enabled" : true, + "totp" : false, + "emailVerified" : false, + "serviceAccountClientId" : "GraphKB", + "credentials" : [ ], + "disableableCredentialTypes" : [ ], + "requiredActions" : [ ], + "realmRoles" : [ "default-roles-pori" ], + "notBefore" : 0, + "groups" : [ ] + } ], + "scopeMappings" : [ { + "clientScope" : "offline_access", + "roles" : [ "offline_access" ] + } ], + "clientScopeMappings" : { + "account" : [ { + "client" : "account-console", + "roles" : [ "manage-account" ] + } ] + }, + "clients" : [ { + "id" : "54b10b5c-dd42-4090-941c-a275e3b9b6b4", + "clientId" : "2fa", + "baseUrl" : "", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "**********", + "redirectUris" : [ "*" ], + "webOrigins" : [ "*" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "saml.assertion.signature" : "false", + "saml.force.post.binding" : "false", + "saml.multivalued.roles" : "false", + "saml.encrypt" : "false", + "saml.server.signature" : "false", + "saml.server.signature.keyinfo.ext" : "false", + "exclude.session.state.from.auth.response" : "false", + "saml_force_name_id_format" : "false", + "saml.client.signature" : "false", + "tls.client.certificate.bound.access.tokens" : "false", + "saml.authnstatement" : "false", + "display.on.consent.screen" : "false", + "saml.onetimeuse.condition" : "false" }, - "internationalizationEnabled": false, - "supportedLocales": [ - "" - ], - "authenticationFlows": [ - { - "id": "43f65d64-114e-4a8b-b2a3-860c6de19467", - "alias": "Handle Existing Account", - "description": "Handle what to do if 
there is existing account with same email/username like authenticated identity provider", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-confirm-link", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "Handle Existing Account - Alternatives - 0", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "9ec88908-d9fb-4d76-a56e-8912b124957c", - "alias": "Handle Existing Account - Alternatives - 0", - "description": "Subflow of Handle Existing Account with alternative executions", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-email-verification", - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "09f38e53-71f2-4fab-bc8b-6a7c0ca3ac34", - "alias": "Verify Existing Account by Re-authentication", - "description": "Reauthentication of existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-username-password-form", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "Verify Existing Account by Re-authentication - auth-otp-form - Conditional", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "69a1ad40-5599-4a80-b9b8-1a5a57fdb10a", - "alias": "Verify Existing Account by Re-authentication - auth-otp-form - Conditional", - "description": "Flow to determine if the 
auth-otp-form authenticator should be used or not.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "2badd21e-3ff7-4513-9a23-b6a0440b5bfb", - "alias": "browser", - "description": "browser based authentication", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-cookie", - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "requirement": "DISABLED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "identity-provider-redirector", - "requirement": "ALTERNATIVE", - "priority": 25, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "requirement": "ALTERNATIVE", - "priority": 30, - "flowAlias": "forms", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "215f7c3a-a26e-41b4-92aa-00b89c3d3c27", - "alias": "clients", - "description": "Base authentication for clients", - "providerId": "client-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "client-secret", - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-jwt", - "requirement": "ALTERNATIVE", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "client-secret-jwt", - "requirement": "ALTERNATIVE", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { 
- "authenticator": "client-x509", - "requirement": "ALTERNATIVE", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "1a1e6a8c-7413-4a4c-90cd-5b9f507db109", - "alias": "direct grant", - "description": "OpenID Connect Resource Owner Grant", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "direct-grant-validate-username", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-password", - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "requirement": "CONDITIONAL", - "priority": 30, - "flowAlias": "direct grant - direct-grant-validate-otp - Conditional", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "c45bb310-9e5a-4ae4-a2b3-7105d9100563", - "alias": "direct grant - direct-grant-validate-otp - Conditional", - "description": "Flow to determine if the direct-grant-validate-otp authenticator should be used or not.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "direct-grant-validate-otp", - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "c27a110b-9e20-4f25-bf71-ba87b9d8d9c0", - "alias": "docker auth", - "description": "Used by Docker clients to authenticate against the IDP", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "docker-http-basic-authenticator", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - 
} - ] - }, - { - "id": "0d4be072-7435-4ce9-b843-644181cec691", - "alias": "first broker login", - "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "review profile config", - "authenticator": "idp-review-profile", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "requirement": "REQUIRED", - "priority": 20, - "flowAlias": "first broker login - Alternatives - 0", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "5501be66-6881-4c25-8013-73decf746d0d", - "alias": "first broker login - Alternatives - 0", - "description": "Subflow of first broker login with alternative executions", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "create unique user config", - "authenticator": "idp-create-user-if-unique", - "requirement": "ALTERNATIVE", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "requirement": "ALTERNATIVE", - "priority": 20, - "flowAlias": "Handle Existing Account", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "500c9b06-1768-401a-b19b-d4dc3cfcd30e", - "alias": "forms", - "description": "Username, password, otp and other auth forms.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-username-password-form", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "requirement": "CONDITIONAL", - "priority": 20, - "flowAlias": "forms - auth-otp-form - Conditional", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": 
"d2305edc-e063-420f-b512-841e370697e3", - "alias": "forms - auth-otp-form - Conditional", - "description": "Flow to determine if the auth-otp-form authenticator should be used or not.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-otp-form", - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "aed66147-a635-4427-af8a-827dce215b03", - "alias": "http challenge", - "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "no-cookie-redirect", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth", - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "basic-auth-otp", - "requirement": "DISABLED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "auth-spnego", - "requirement": "DISABLED", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "7287ee6a-0fa5-44d4-9ac1-a2700dfd5673", - "alias": "registration", - "description": "registration flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-page-form", - "requirement": "REQUIRED", - "priority": 10, - "flowAlias": "registration form", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "a9c0ec05-7271-41ee-ad41-b7262a63ba98", - "alias": "registration form", - 
"description": "registration form", - "providerId": "form-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-user-creation", - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-profile-action", - "requirement": "REQUIRED", - "priority": 40, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-password-action", - "requirement": "REQUIRED", - "priority": 50, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "registration-recaptcha-action", - "requirement": "DISABLED", - "priority": 60, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "4c74a91a-4005-4311-b417-92bba1f17749", - "alias": "reset credentials", - "description": "Reset credentials for a user if they forgot their password or something", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "reset-credentials-choose-user", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-credential-email", - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-password", - "requirement": "REQUIRED", - "priority": 30, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "requirement": "CONDITIONAL", - "priority": 40, - "flowAlias": "reset credentials - reset-otp - Conditional", - "userSetupAllowed": false, - "autheticatorFlow": true - } - ] - }, - { - "id": "9bc71b69-4509-4baf-bae1-0a73aeb12230", - "alias": "reset credentials - reset-otp - Conditional", - "description": "Flow to determine if the reset-otp authenticator should be used or not.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": 
true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "authenticator": "reset-otp", - "requirement": "REQUIRED", - "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - }, - { - "id": "d771570a-8c83-4083-b07d-8cc0214291ed", - "alias": "saml ecp", - "description": "SAML ECP Profile Authentication Flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "http-basic-authenticator", - "requirement": "REQUIRED", - "priority": 10, - "userSetupAllowed": false, - "autheticatorFlow": false - } - ] - } - ], - "authenticatorConfig": [ - { - "id": "4fb6d56e-91df-4505-b915-b06c3e5c6051", - "alias": "create unique user config", - "config": { - "require.password.update.after.registration": "false" - } - }, - { - "id": "43db6db8-7a31-4ab0-99bc-62de5165c564", - "alias": "review profile config", - "config": { - "update.profile.on.first.login": "missing" - } - } - ], - "requiredActions": [ - { - "alias": "CONFIGURE_TOTP", - "name": "Configure OTP", - "providerId": "CONFIGURE_TOTP", - "enabled": true, - "defaultAction": false, - "priority": 10, - "config": {} - }, - { - "alias": "terms_and_conditions", - "name": "Terms and Conditions", - "providerId": "terms_and_conditions", - "enabled": false, - "defaultAction": false, - "priority": 20, - "config": {} - }, - { - "alias": "UPDATE_PASSWORD", - "name": "Update Password", - "providerId": "UPDATE_PASSWORD", - "enabled": true, - "defaultAction": false, - "priority": 30, - "config": {} - }, - { - "alias": "UPDATE_PROFILE", - "name": "Update Profile", - "providerId": "UPDATE_PROFILE", - "enabled": true, - "defaultAction": false, - "priority": 40, - "config": {} - }, - { - "alias": "VERIFY_EMAIL", - "name": "Verify Email", - "providerId": "VERIFY_EMAIL", - "enabled": true, - "defaultAction": 
false, - "priority": 50, - "config": {} - }, - { - "alias": "delete_account", - "name": "Delete Account", - "providerId": "delete_account", - "enabled": false, - "defaultAction": false, - "priority": 60, - "config": {} - }, - { - "alias": "update_user_locale", - "name": "Update User Locale", - "providerId": "update_user_locale", - "enabled": true, - "defaultAction": false, - "priority": 1000, - "config": {} - } - ], - "browserFlow": "browser", - "registrationFlow": "registration", - "directGrantFlow": "direct grant", - "resetCredentialsFlow": "reset credentials", - "clientAuthenticationFlow": "clients", - "dockerAuthenticationFlow": "docker auth", - "attributes": { - "clientOfflineSessionMaxLifespan": "0", - "clientSessionIdleTimeout": "0", - "clientSessionMaxLifespan": "0", - "clientOfflineSessionIdleTimeout": "0" + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "c4dfdf5a-ec62-419d-a646-5f35b0f8f680", + "clientId" : "GraphKB", + "rootUrl" : "", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "**********", + "redirectUris" : [ "http://0.0.0.0:3000/*", "http://localhost:3000/*", "http://localhost:5000/*", "https://pori-demo.bcgsc.ca/*", "http://0.0.0.0:5000/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : true, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "saml.assertion.signature" : "false", + "access.token.lifespan" : "86400", + "saml.force.post.binding" : "false", + 
"saml.multivalued.roles" : "false", + "saml.encrypt" : "false", + "backchannel.logout.revoke.offline.tokens" : "false", + "saml.server.signature" : "false", + "saml.server.signature.keyinfo.ext" : "false", + "exclude.session.state.from.auth.response" : "false", + "backchannel.logout.session.required" : "false", + "client_credentials.use_refresh_token" : "false", + "saml_force_name_id_format" : "false", + "saml.client.signature" : "false", + "tls.client.certificate.bound.access.tokens" : "false", + "saml.authnstatement" : "false", + "display.on.consent.screen" : "false", + "saml.onetimeuse.condition" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "protocolMappers" : [ { + "id" : "436d7b81-3eae-44d4-81bf-715097413945", + "name" : "Client ID", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "consentRequired" : false, + "config" : { + "user.session.note" : "clientId", + "userinfo.token.claim" : "true", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "clientId", + "jsonType.label" : "String" + } + }, { + "id" : "f3c0ec9c-b730-45b4-bcf9-e2dca811b7af", + "name" : "Client Host", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "consentRequired" : false, + "config" : { + "user.session.note" : "clientHost", + "userinfo.token.claim" : "true", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "clientHost", + "jsonType.label" : "String" + } + }, { + "id" : "e0b7f359-c6b1-4a94-b702-805ab945f5f9", + "name" : "Client IP Address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usersessionmodel-note-mapper", + "consentRequired" : false, + "config" : { + "user.session.note" : "clientAddress", + "userinfo.token.claim" : "true", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "clientAddress", + "jsonType.label" : 
"String" + } + } ], + "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "01d64c4b-6797-4d0a-80bb-50565b5ae493", + "clientId" : "IPR", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "**********", + "redirectUris" : [ "http://0.0.0.0:3000/*", "http://localhost:3000/*", "http://localhost:5000/*", "https://pori-demo.bcgsc.ca/*", "http://0.0.0.0:5000/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "saml.assertion.signature" : "false", + "access.token.lifespan" : "86400", + "saml.force.post.binding" : "false", + "saml.multivalued.roles" : "false", + "saml.encrypt" : "false", + "saml.server.signature" : "false", + "saml.server.signature.keyinfo.ext" : "false", + "exclude.session.state.from.auth.response" : "false", + "saml_force_name_id_format" : "false", + "saml.client.signature" : "false", + "tls.client.certificate.bound.access.tokens" : "false", + "saml.authnstatement" : "false", + "display.on.consent.screen" : "false", + "saml.onetimeuse.condition" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "d5c12dcc-0aee-407c-a7cf-642edb2779fe", + "clientId" : "account", + "name" : "${client_account}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/PORI/account/", + "surrogateAuthRequired" : 
false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "**********", + "redirectUris" : [ "/realms/PORI/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "a88d4e2c-e6b3-4cf8-9b31-1320441cdca4", + "clientId" : "account-console", + "name" : "${client_account-console}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/PORI/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "**********", + "redirectUris" : [ "/realms/PORI/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "1602f606-94bc-49e7-93f3-2332379d6657", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ], + "defaultClientScopes" : [ 
"web-origins", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "0002685a-6e7a-4d5e-8281-fd45217b4b04", + "clientId" : "admin-cli", + "name" : "${client_admin-cli}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "**********", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : false, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "90dbac95-e2f8-45b7-ab82-069e15961525", + "clientId" : "broker", + "name" : "${client_broker}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "**********", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : 
"847d16cc-4100-4965-ae74-f058ebf92dc6", + "clientId" : "realm-management", + "name" : "${client_realm-management}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "**********", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access" ] + }, { + "id" : "f5884b4f-c044-443d-b386-3ef48c0cca6a", + "clientId" : "security-admin-console", + "name" : "${client_security-admin-console}", + "rootUrl" : "${authAdminUrl}", + "baseUrl" : "/admin/PORI/console/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "**********", + "redirectUris" : [ "/admin/PORI/console/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "f9f9b31b-fa62-4f95-bbc6-8e57abe45b44", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : 
"oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + } ], + "clientScopes" : [ { + "id" : "dfc63d4d-8582-4a21-b289-e3c351b10356", + "name" : "role_list", + "description" : "SAML role list", + "protocol" : "saml", + "attributes" : { + "consent.screen.text" : "${samlRoleListScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "3b461783-0a10-49a7-b4f2-a38ef20ac4ce", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + } ] + }, { + "id" : "2b631976-8c69-46e7-9974-86aac77aefa3", + "name" : "web-origins", + "description" : "OpenID Connect scope for add allowed web origins to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false", + "consent.screen.text" : "" + }, + "protocolMappers" : [ { + "id" : "173cbd36-cca3-4970-a64f-c32b4246aee8", + "name" : "allowed web origins", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-allowed-origins-mapper", + "consentRequired" : false, + "config" : { } + } ] + }, { + "id" : "d297b787-a825-4426-b3db-db0d38ebd7df", + "name" : "phone", + "description" : "OpenID Connect built-in scope: phone", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${phoneScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : 
"b0c6137e-fd49-4688-9311-b212e9d13a38", + "name" : "phone number", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumber", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number", + "jsonType.label" : "String" + } + }, { + "id" : "3231d2f7-29fb-4c32-ab64-5d3a90fe9e3b", + "name" : "phone number verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumberVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number_verified", + "jsonType.label" : "boolean" + } + } ] + }, { + "id" : "fd8b65bc-48b8-4222-bb0c-0b4cc8ff6f60", + "name" : "email", + "description" : "OpenID Connect built-in scope: email", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${emailScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "1201f82f-b125-4b00-a661-aed3ee53d80e", + "name" : "email", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String" + } + }, { + "id" : "114943e3-49fb-4852-a968-b2c90e3c08aa", + "name" : "email verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "emailVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email_verified", + "jsonType.label" : 
"boolean" + } + } ] + }, { + "id" : "93d88027-3cc9-46ca-b846-22d06897457d", + "name" : "microprofile-jwt", + "description" : "Microprofile - JWT built-in scope", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "d720e221-a69d-415e-80c7-01f3faf9a46b", + "name" : "upn", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "upn", + "jsonType.label" : "String" + } + }, { + "id" : "2e304196-66a7-4179-a0ef-89de948015f7", + "name" : "groups", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "multivalued" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "foo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "groups", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "1b050b28-b9f2-4e09-9cec-00e041b88d5d", + "name" : "offline_access", + "description" : "OpenID Connect built-in scope: offline_access", + "protocol" : "openid-connect", + "attributes" : { + "consent.screen.text" : "${offlineAccessScopeConsentText}", + "display.on.consent.screen" : "true" + } + }, { + "id" : "80d6cc08-e4d0-446b-ac1f-40689162613c", + "name" : "address", + "description" : "OpenID Connect built-in scope: address", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${addressScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "e6f74644-e527-4c58-adb1-fe34dac63681", + "name" : "address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-address-mapper", + "consentRequired" : false, + "config" : { + 
"user.attribute.formatted" : "formatted", + "user.attribute.country" : "country", + "user.attribute.postal_code" : "postal_code", + "userinfo.token.claim" : "true", + "user.attribute.street" : "street", + "id.token.claim" : "true", + "user.attribute.region" : "region", + "access.token.claim" : "true", + "user.attribute.locality" : "locality" + } + } ] + }, { + "id" : "789237c5-6d88-41a0-a7e1-530368d6265e", + "name" : "profile", + "description" : "OpenID Connect built-in scope: profile", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${profileScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "e7653223-8515-4a41-b939-89d2e962bdee", + "name" : "birthdate", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "birthdate", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "birthdate", + "jsonType.label" : "String" + } + }, { + "id" : "77756ec1-381b-43a8-acaf-8665cf6c26cf", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : "f5cbb3f3-3806-4e4c-973f-44af4c026729", + "name" : "picture", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "picture", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "picture", + "jsonType.label" : "String" + } + }, { + "id" : "5a107cad-90ca-4313-ad8f-2d49369bf61f", + "name" : "updated at", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + 
"consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "updatedAt", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "updated_at", + "jsonType.label" : "String" + } + }, { + "id" : "c141e6f9-dc4e-4b5d-a2b9-4514ea0b2b4a", + "name" : "nickname", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "nickname", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "nickname", + "jsonType.label" : "String" + } + }, { + "id" : "c310863a-f1c8-4273-85ee-e867e6cd9bc1", + "name" : "middle name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "middleName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "middle_name", + "jsonType.label" : "String" + } + }, { + "id" : "1721856b-1b78-486c-be85-828b9ffbe1ca", + "name" : "website", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "website", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "website", + "jsonType.label" : "String" + } + }, { + "id" : "d878c38a-f206-4e37-bea0-3e3f80d4c94c", + "name" : "gender", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "gender", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "gender", + "jsonType.label" : "String" + } + }, { + "id" : "8c297079-e409-4021-98f0-98d8626ad888", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : 
"oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + }, { + "id" : "bbad21ce-2618-4181-ac6f-bfae14e960e5", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + }, { + "id" : "34e08486-d9b4-4165-9e93-593b5b95a17e", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + }, { + "id" : "ef031999-432c-48c5-b3bf-eb420476f801", + "name" : "zoneinfo", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "zoneinfo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "zoneinfo", + "jsonType.label" : "String" + } + }, { + "id" : "95d05c4d-3ae6-4061-b32a-5990bd15e507", + "name" : "profile", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "profile", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "profile", + "jsonType.label" : "String" + } + }, { + "id" : "c5199596-dfee-48d1-90f8-2c3f605f6a04", + "name" : "username", + "protocol" : 
"openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "c0b1342a-9c37-46b1-8dce-7dc503db61d0", + "name" : "roles", + "description" : "OpenID Connect scope for add user roles to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${rolesScopeConsentText}" }, - "keycloakVersion": "12.0.2", - "userManagedAccessAllowed": false + "protocolMappers" : [ { + "id" : "0d4e2d2a-05df-4fd9-beff-218d89dd3adb", + "name" : "client roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-client-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "resource_access.${client_id}.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + }, { + "id" : "c606f563-6147-4bc7-b9e8-e1591e2e8669", + "name" : "realm roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "realm_access.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + }, { + "id" : "05fe3edf-da15-48cb-bf46-fda14d60907b", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ] + } ], + "defaultDefaultClientScopes" : [ "web-origins", "profile", "roles", "role_list", "email" ], + "defaultOptionalClientScopes" : [ "offline_access", "address", "microprofile-jwt", "phone" ], + "browserSecurityHeaders" : { + 
"contentSecurityPolicyReportOnly" : "", + "xContentTypeOptions" : "nosniff", + "xRobotsTag" : "none", + "xFrameOptions" : "SAMEORIGIN", + "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection" : "1; mode=block", + "strictTransportSecurity" : "max-age=31536000; includeSubDomains" + }, + "smtpServer" : { }, + "loginTheme" : "keycloak", + "accountTheme" : "keycloak", + "adminTheme" : "keycloak", + "eventsEnabled" : true, + "eventsExpiration" : 2592000, + "eventsListeners" : [ "jboss-logging" ], + "enabledEventTypes" : [ "TOKEN_EXCHANGE", "LOGIN_ERROR", "CLIENT_LOGIN", "CODE_TO_TOKEN", "LOGIN" ], + "adminEventsEnabled" : false, + "adminEventsDetailsEnabled" : false, + "identityProviders" : [ ], + "identityProviderMappers" : [ ], + "components" : { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { + "id" : "1dcc5b4d-d3f7-41e8-a842-f339d461af8d", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + }, { + "id" : "950012dc-46e4-4349-9520-3b4e633dca40", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "58a6669f-bb9b-4377-853b-c6415c2248bd", + "name" : "Consent Required", + "providerId" : "consent-required", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "6f540ac1-f39e-402f-8bcf-1b0cb139efc4", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "e1223b7e-4725-4711-825f-22a1e26aca7f", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "authenticated", + "subComponents" : { 
}, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "oidc-usermodel-property-mapper", "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", "oidc-address-mapper" ] + } + }, { + "id" : "3f730dc2-0620-4c6a-9203-65147c847f09", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "oidc-address-mapper", "saml-role-list-mapper", "oidc-usermodel-property-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper", "oidc-sha256-pairwise-sub-mapper" ] + } + }, { + "id" : "371c7fa1-594b-41f2-8062-cc31aff8ad80", + "name" : "Max Clients Limit", + "providerId" : "max-clients", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "max-clients" : [ "200" ] + } + }, { + "id" : "4b990959-ff0e-4438-a389-6df3d43c4438", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + } ], + "org.keycloak.keys.KeyProvider" : [ { + "id" : "18891d36-57af-486c-bfcb-480fcea516a0", + "name" : "rsa-generated", + "providerId" : "rsa-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "certificate" : [ "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" ], + "priority" : [ "100" ] + } + }, { + "id" : "0087ee0d-e52a-446f-888a-4ec1d2e551cc", + "name" : "hmac-generated", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "03087aed-654e-4e04-8b0a-50a88d8ab458" ], + "secret" : [ "cXobdhu0D-gJph2JKBN4Q2g83agem-XPkITV_nSdFA26MX51PhwogBaLL9tN3JK3Xpkkqy6jgtMCwlpEL5MfoQ" ], + "priority" : [ "100" ], + 
"algorithm" : [ "HS256" ] + } + }, { + "id" : "1fd252b2-b205-4fda-ab3a-52f8c8298dc2", + "name" : "aes-generated", + "providerId" : "aes-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "2035a547-b4b7-427d-a21c-86214de43615" ], + "secret" : [ "vX6-MCLwyomyrZzz6Xt_Jg" ], + "priority" : [ "100" ] + } + } ] + }, + "internationalizationEnabled" : false, + "supportedLocales" : [ "" ], + "authenticationFlows" : [ { + "id" : "6ddd4f1e-8a69-4885-a985-c602f19b7ec5", + "alias" : "Handle Existing Account", + "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-confirm-link", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "flowAlias" : "Handle Existing Account - Alternatives - 0", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "6b989ce2-c864-4774-8b52-7c65022f0f4e", + "alias" : "Handle Existing Account - Alternatives - 0", + "description" : "Subflow of Handle Existing Account with alternative executions", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-email-verification", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "flowAlias" : "Verify Existing Account by Re-authentication", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "87e9041a-662b-4097-b2f0-e9947c9cecbe", + "alias" : "Verify Existing Account by Re-authentication", + "description" : 
"Reauthentication of existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "flowAlias" : "Verify Existing Account by Re-authentication - auth-otp-form - Conditional", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "1cbce918-6652-4cd0-8999-fa540a014f8e", + "alias" : "Verify Existing Account by Re-authentication - auth-otp-form - Conditional", + "description" : "Flow to determine if the auth-otp-form authenticator should be used or not.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "5f8ab8e2-b01e-40d2-900b-f2ec9ffd11ca", + "alias" : "browser", + "description" : "browser based authentication", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-cookie", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "identity-provider-redirector", + "authenticatorFlow" : false, + 
"requirement" : "ALTERNATIVE", + "priority" : 25, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "flowAlias" : "forms", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "9b493d0b-fd7a-4a34-8e89-4ca31c122148", + "alias" : "clients", + "description" : "Base authentication for clients", + "providerId" : "client-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "client-secret", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "client-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "client-secret-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "client-x509", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 40, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "496b001b-fb8a-4179-a580-971f117d1543", + "alias" : "direct grant", + "description" : "OpenID Connect Resource Owner Grant", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "direct-grant-validate-username", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "direct-grant-validate-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 30, 
+ "flowAlias" : "direct grant - direct-grant-validate-otp - Conditional", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "037cdf1f-34be-4881-ba7f-2cd1fc91c128", + "alias" : "direct grant - direct-grant-validate-otp - Conditional", + "description" : "Flow to determine if the direct-grant-validate-otp authenticator should be used or not.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "direct-grant-validate-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "11b4174b-20b6-4f80-b6cf-d79a1c606ff5", + "alias" : "docker auth", + "description" : "Used by Docker clients to authenticate against the IDP", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "docker-http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "9c447601-2686-4d10-83a3-caf11d1b81f7", + "alias" : "first broker login", + "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "review profile config", + "authenticator" : "idp-review-profile", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + 
"flowAlias" : "first broker login - Alternatives - 0", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "439fd9e5-48cd-49d1-a283-2eb8dc07b84a", + "alias" : "first broker login - Alternatives - 0", + "description" : "Subflow of first broker login with alternative executions", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "create unique user config", + "authenticator" : "idp-create-user-if-unique", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "flowAlias" : "Handle Existing Account", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "8a5be8d5-7eb9-410b-830c-79ce74caca1b", + "alias" : "forms", + "description" : "Username, password, otp and other auth forms.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "flowAlias" : "forms - auth-otp-form - Conditional", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "01d05639-bfdc-44f0-9eca-4cee62198bcf", + "alias" : "forms - auth-otp-form - Conditional", + "description" : "Flow to determine if the auth-otp-form authenticator should be used or not.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + 
"autheticatorFlow" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "dc7b3643-78eb-49e1-8271-1c22707fa665", + "alias" : "http challenge", + "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "no-cookie-redirect", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "basic-auth", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "basic-auth-otp", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 30, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 40, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "7c5dfda7-2c6d-4515-83a9-71e3d8afa52c", + "alias" : "registration", + "description" : "registration flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-page-form", + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 10, + "flowAlias" : "registration form", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "9dfdbf8a-88c6-4cbb-b757-5a383c0157ee", + "alias" : "registration form", + "description" : "registration form", + "providerId" : "form-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-user-creation", + 
"authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "registration-profile-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 40, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "registration-password-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 50, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "registration-recaptcha-action", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 60, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "3a2b826f-8137-4029-a2ff-dc7b33b59316", + "alias" : "reset credentials", + "description" : "Reset credentials for a user if they forgot their password or something", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "reset-credentials-choose-user", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "reset-credential-email", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "reset-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 30, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 40, + "flowAlias" : "reset credentials - reset-otp - Conditional", + "userSetupAllowed" : false, + "autheticatorFlow" : true + } ] + }, { + "id" : "7eb3240d-08b8-484e-bf2b-114892a595fd", + "alias" : "reset credentials - reset-otp - Conditional", + "description" : "Flow to determine if the reset-otp authenticator should 
be used or not.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + }, { + "authenticator" : "reset-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + }, { + "id" : "c2d28a6b-4194-456e-9bb4-ba23f3a54513", + "alias" : "saml ecp", + "description" : "SAML ECP Profile Authentication Flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "userSetupAllowed" : false, + "autheticatorFlow" : false + } ] + } ], + "authenticatorConfig" : [ { + "id" : "3bc7f4c1-1440-4f39-9df7-59bf8e989d04", + "alias" : "create unique user config", + "config" : { + "require.password.update.after.registration" : "false" + } + }, { + "id" : "2f1f1d1e-d3f9-48e1-a8e1-99a2ee9d447f", + "alias" : "review profile config", + "config" : { + "update.profile.on.first.login" : "missing" + } + } ], + "requiredActions" : [ { + "alias" : "CONFIGURE_TOTP", + "name" : "Configure OTP", + "providerId" : "CONFIGURE_TOTP", + "enabled" : true, + "defaultAction" : false, + "priority" : 10, + "config" : { } + }, { + "alias" : "terms_and_conditions", + "name" : "Terms and Conditions", + "providerId" : "terms_and_conditions", + "enabled" : false, + "defaultAction" : false, + "priority" : 20, + "config" : { } + }, { + "alias" : "UPDATE_PASSWORD", + "name" : "Update Password", + "providerId" : "UPDATE_PASSWORD", + "enabled" : true, + "defaultAction" : false, + "priority" : 30, + "config" : { } + }, { + "alias" : "UPDATE_PROFILE", + "name" : "Update Profile", + "providerId" : "UPDATE_PROFILE", 
+ "enabled" : true, + "defaultAction" : false, + "priority" : 40, + "config" : { } + }, { + "alias" : "VERIFY_EMAIL", + "name" : "Verify Email", + "providerId" : "VERIFY_EMAIL", + "enabled" : true, + "defaultAction" : false, + "priority" : 50, + "config" : { } + }, { + "alias" : "delete_account", + "name" : "Delete Account", + "providerId" : "delete_account", + "enabled" : false, + "defaultAction" : false, + "priority" : 60, + "config" : { } + }, { + "alias" : "update_user_locale", + "name" : "Update User Locale", + "providerId" : "update_user_locale", + "enabled" : true, + "defaultAction" : false, + "priority" : 1000, + "config" : { } + } ], + "browserFlow" : "browser", + "registrationFlow" : "registration", + "directGrantFlow" : "direct grant", + "resetCredentialsFlow" : "reset credentials", + "clientAuthenticationFlow" : "clients", + "dockerAuthenticationFlow" : "docker auth", + "attributes" : { + "cibaBackchannelTokenDeliveryMode" : "poll", + "cibaExpiresIn" : "120", + "cibaAuthRequestedUserHint" : "login_hint", + "oauth2DeviceCodeLifespan" : "600", + "clientOfflineSessionMaxLifespan" : "0", + "oauth2DevicePollingInterval" : "5", + "clientSessionIdleTimeout" : "0", + "parRequestUriLifespan" : "60", + "clientSessionMaxLifespan" : "0", + "clientOfflineSessionIdleTimeout" : "0", + "cibaInterval" : "5" + }, + "keycloakVersion" : "16.1.1", + "userManagedAccessAllowed" : false, + "clientProfiles" : { + "profiles" : [ ] + }, + "clientPolicies" : { + "policies" : [ ] + } } diff --git a/demo/kc_setup_default_users.sh b/demo/kc_setup_default_users.sh deleted file mode 100644 index 59f8f24..0000000 --- a/demo/kc_setup_default_users.sh +++ /dev/null 
@@ -1,44 +0,0 @@ - -export KEYCLOAK_ADMIN_USER=admin -export KEYCLOAK_ADMIN_PASS=admin -export KEYCLOAK_REALM=PORI -export KEYCLOAK_URL=http://localhost:8888/auth -export DEFAULT_PASSWORD=secret - -KEYFILE=keys/keycloak.key - -# Get the Admin user token -auth_resp=$(curl -X POST "${KEYCLOAK_URL}/realms/master/protocol/openid-connect/token" \ - -H "Content-Type: application/x-www-form-urlencoded" \ - -d "username=${KEYCLOAK_ADMIN_USER}" \ - -d "password=${KEYCLOAK_ADMIN_PASS}" \ - -d 'grant_type=password' \ - -d 'client_id=admin-cli') - -token=$( echo $auth_resp | grep -o '"access_token":[^,][^,]*' | sed 's/^"access_token":\s*"//' | sed 's/"$//' ) - -if [ "$token" = "" ]; -then - echo "FAILED to get authorization token" - exit 1 -fi - -# Add the default users with some generated passwords - -BODY_TEMPLATE='{"username": "", "enabled": true, "credentials": [{"type": "password", "value": "", "temporary": false}], "realmRoles": ["IPR", "GraphKB"]}' - -for username in graphkb_admin graphkb_importer ipr_graphkb_link iprdemo colab_demo -do - echo "Adding user: $username" - echo "setting user (${username}) with password (${DEFAULT_PASSWORD})" - body=${BODY_TEMPLATE//$username} - body=${body//$DEFAULT_PASSWORD} - - curl -X POST "${KEYCLOAK_URL}/admin/realms/${KEYCLOAK_REALM}/users" \ - -H 'Content-Type: application/json' \ - -H "Accept: application/json" \ - -H "Authorization: Bearer $token" \ - -d "$body" -done - -echo "" diff --git a/demo/kc_setup_keyfile.sh b/demo/kc_setup_keyfile.sh old mode 100644 new mode 100755 index 1d9dd97..289d8a8 --- a/demo/kc_setup_keyfile.sh +++ b/demo/kc_setup_keyfile.sh 
@@ -1,17 +1,31 @@ +#!/bin/bash -export KEYCLOAK_ADMIN_USER=admin -export KEYCLOAK_ADMIN_PASS=admin -export KEYCLOAK_REALM=PORI -export KEYCLOAK_URL=http://localhost:8888/auth -export DEFAULT_PASSWORD=secret +if [ "$#" -ne 5 ]; +then + echo "Given: $@" + echo "" + echo "Argument Error:" + echo "$0 " + exit 1 +fi -KEYFILE=keys/keycloak.key +echo "KEYCLOAK_URL=$1" +KEYCLOAK_URL=$1 +echo "KEYCLOAK_USER=$2" +KEYCLOAK_USER=$2 +echo "KEYCLOAK_PASSWORD=$3" +KEYCLOAK_PASSWORD=$3 +echo "KEYCLOAK_REALM=$4" +KEYCLOAK_REALM=$4 +echo "KEYFILE=$5" +KEYFILE=$5 # Get the Admin user token +echo "POST ${KEYCLOAK_URL}/realms/master/protocol/openid-connect/token" auth_resp=$(curl -X POST "${KEYCLOAK_URL}/realms/master/protocol/openid-connect/token" \ -H "Content-Type: application/x-www-form-urlencoded" \ - -d "username=${KEYCLOAK_ADMIN_USER}" \ - -d "password=${KEYCLOAK_ADMIN_PASS}" \ + -d "username=${KEYCLOAK_USER}" \ + -d "password=${KEYCLOAK_PASSWORD}" \ -d 'grant_type=password' \ -d 'client_id=admin-cli') @@ -31,12 +45,6 @@ resp=$(curl -X GET "${KEYCLOAK_URL}/admin/realms/${KEYCLOAK_REALM}/keys" \ # echo $resp key=$( echo $resp | grep -o '"publicKey":[^,][^,]*' | sed 's/^"publicKey":\s*"//' | sed 's/"$//' ) - -if [ ! -d "keys" ]; -then - mkdir keys -fi - echo "writing: $KEYFILE" echo "-----BEGIN PUBLIC KEY-----" > $KEYFILE echo "$key" >> $KEYFILE diff --git a/demo/docker-compose.dev.yml b/docker-compose.dev.yml similarity index 70% rename from demo/docker-compose.dev.yml rename to docker-compose.dev.yml index c807a61..7670965 100644 --- a/demo/docker-compose.dev.yml +++ b/docker-compose.dev.yml 
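Review bot: The new argument echo block prints the admin password in clear text (`echo "KEYCLOAK_PASSWORD=$3"`). Because docker-compose.dev.yml runs this script as the keycloak healthcheck, that output is presumably kept in the container's health-check log on every probe. Drop the line or mask it, e.g. `echo "KEYCLOAK_PASSWORD=****"`. The password is also posted with `-d "password=${KEYCLOAK_PASSWORD}"`, which sends the value without URL-encoding, so a password containing `&`, `+` or `%` would be mis-sent; `--data-urlencode "password=${KEYCLOAK_PASSWORD}"` avoids that. The usage line `echo "$0 "` names none of the five expected arguments (possibly lost in rendering), and the script continues outside this hunk.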
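Review bot: `$KEYFILE` now comes from the fifth argument but is still expanded unquoted in `> $KEYFILE` and `>> $KEYFILE`, so a path containing spaces or glob characters breaks the redirect; quote it as `> "$KEYFILE"`. With the `mkdir keys` fallback removed, the script depends on the target directory already existing. Nothing visible in this hunk checks that `$key` is non-empty before the file is written, so a failed key lookup could leave a PEM wrapper with no key in it. A guard such as `[ -n "$key" ] || { echo "FAILED to get public key"; exit 1; }` before the first write would presumably also make the healthcheck fail instead of reporting healthy. The lines after the second write are outside the hunk.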
@@ -2,6 +2,29 @@ # therefore does not require the top level apache server to configure the URLs version: '3' services: + keycloak: + build: + context: . + dockerfile: ./demo/Dockerfile.auth + environment: + KEYCLOAK_USER: admin + KEYCLOAK_PASSWORD: admin + PROXY_ADDRESS_FORWARDING: "true" + JAVA_OPTS_APPEND: "-Djboss.socket.binding.port-offset=808" + ports: + - 8888:8888 + networks: + - app-network + healthcheck: + # test fetching public key from PORI realm + test: ["CMD", "bash", "/scripts/kc_setup_keyfile.sh", "http://localhost:8888/auth", "admin", "admin", "PORI", "/keys/keycloak.key"] + interval: 45s + timeout: 10s + retries: 5 + volumes: + - source: ./keys + target: /keys + type: bind graphkb_db: image: orientdb:3.0 environment: @@ -32,9 +55,10 @@ services: # customize settings below GKB_CORS_ORIGIN: '^.*$$' GKB_DBS_PASS: root - GKB_KEYCLOAK_URI: http://localhost:8888/auth/realms/PORI/protocol/openid-connect/token + GKB_KEYCLOAK_URI: http://keycloak:8888/auth/realms/PORI/protocol/openid-connect/token depends_on: - graphkb_db + - keycloak networks: - app-network restart: always @@ -43,6 +67,11 @@ services: target: /keys type: bind read_only: true + healthcheck: + test: ["CMD", "curl", "-f", "http://graphkb_api:8080/api/version"] + interval: 30s + timeout: 10s + retries: 5 graphkb_client: image: bcgsc/pori-graphkb-client:latest environment: @@ -50,7 +79,7 @@ services: KEYCLOAK_CLIENT_ID: GraphKB # customize settings below API_BASE_URL: http://graphkb_api:8080 - KEYCLOAK_URL: http://localhost:8888/auth + KEYCLOAK_URL: http://keycloak:8888/auth PUBLIC_PATH: / ports: - 5000:80 @@ -76,6 +105,11 @@ services: - 5432:5432 networks: - app-network + healthcheck: + test: ["CMD-SHELL", "pg_isready"] + interval: 10s + timeout: 5s + retries: 5 redis: image: redis:6.2-alpine # Set health checks to wait until redis has started @@ -92,6 +126,7 @@ services: restart: always ipr_api: image: bcgsc/pori-ipr-api:latest + command: npm start ports: - 8081:8080 environment: 
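Review bot: The new keycloak service pairs the fixed `admin`/`admin` console credentials with `- 8888:8888`, which publishes the admin console on every host interface rather than on loopback only. For a development stack, `- "127.0.0.1:8888:8888"` keeps those default credentials off the network. The healthcheck repeats the password in its `test:` argument list and runs `kc_setup_keyfile.sh`, which rewrites `/keys/keycloak.key` every 45s, so the probe has a side effect on a file that other services mount. A read-only probe plus a one-shot key export would separate the two concerns, and a comment such as `# dev only: default admin credentials, do not expose` on the service would record the intent.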
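Review bot: Adding `- keycloak` under `depends_on` only orders container start; it does not wait for the keycloak healthcheck, which is the step that writes `/keys/keycloak.key`. graphkb_api mounts `/keys` read-only, so on a fresh checkout it may start before the key exists and rely on `restart: always` to recover; the same applies to the ipr_api hunk `@@ -104,12 +139,13 @@`. If the Compose version in use accepts it, the long form `keycloak:` with `condition: service_healthy` states the dependency explicitly. Otherwise a comment such as `# key file is produced by the keycloak healthcheck; the API may restart until it exists` would document the behaviour. The service definition starts outside the hunk.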
@@ -104,12 +139,13 @@ services: IPR_DATABASE_PASSWORD: root IPR_GRAPHKB_PASSWORD: ipr_graphkb_link IPR_GRAPHKB_URI: http://graphkb_api:8080/api - IPR_KEYCLOAK_URI: http://localhost:8888/auth/realms/PORI/protocol/openid-connect/token + IPR_KEYCLOAK_URI: http://keycloak:8888/auth/realms/PORI/protocol/openid-connect/token IPR_REDIS_HOST: redis IPR_REDIS_PORT: 6379 depends_on: - ipr_db - redis + - keycloak networks: - app-network restart: always @@ -118,6 +154,11 @@ services: target: /keys type: bind read_only: true + healthcheck: + test: ["CMD", "curl", "-f", "http://ipr_api:8080/api/spec.json"] + interval: 30s + timeout: 10s + retries: 5 ipr_client: image: bcgsc/pori-ipr-client:latest environment: @@ -125,7 +166,7 @@ services: # customize settings below API_BASE_URL: http://ipr_api:8081/api GRAPHKB_URL: http://graphkb_client:5000 - KEYCLOAK_URL: http://localhost:8888/auth + KEYCLOAK_URL: http://keycloak:8888/auth PUBLIC_PATH: / ports: - 3000:80 diff --git a/docker-compose.yml b/docker-compose.prod.yml similarity index 92% rename from docker-compose.yml rename to docker-compose.prod.yml index 968634a..676eedf 100644 --- a/docker-compose.yml +++ b/docker-compose.prod.yml @@ -42,6 +42,11 @@ services: target: /keys type: bind read_only: true + healthcheck: + test: ["CMD", "curl", "-f", "http://graphkb_api:8080/api/version"] + interval: 30s + timeout: 10s + retries: 5 graphkb_client: image: bcgsc/pori-graphkb-client:v4.2.2 environment: @@ -118,6 +123,11 @@ services: target: /keys type: bind read_only: true + healthcheck: + test: ["CMD", "curl", "-f", "http://ipr_api:8080/api/spec.json"] + interval: 30s + timeout: 10s + retries: 5 ipr_client: image: bcgsc/pori-ipr-client:v6.6.3 environment: diff --git a/docs/developer_reference/contributing.md b/docs/developer_reference/contributing.md index 4d49f27..598d028 100644 --- a/docs/developer_reference/contributing.md +++ b/docs/developer_reference/contributing.md 
@@ -4,7 +4,7 @@ If you are new to PORI and would like to contribute, writing tests and documenta ## Tests -When new features are added, corresponding tests should be implemented as well. We use [jest](https://jestjs.io/) for both API and client testing. The client additionally uses [React Testing Library](https://testing-library.com/docs/react-testing-library/intro/). Tests for python adpators are written using [pytest](https://docs.pytest.org/en/6.2.x/). +When new features are added, corresponding tests should be implemented as well. We use [jest](https://jestjs.io/) for both API and client testing. The client additionally uses [React Testing Library](https://testing-library.com/docs/react-testing-library/intro/). Tests for python adaptors are written using [pytest](https://docs.pytest.org/en/6.2.x/). Tests for all repositories will be automatically run as a part of their [GitHub Actions](https://github.com/features/actions) plan. See the next section for more details. diff --git a/docs/developer_reference/getting_started.md b/docs/developer_reference/getting_started.md index 28dc138..b6bbe14 100644 --- a/docs/developer_reference/getting_started.md +++ b/docs/developer_reference/getting_started.md 
@@ -2,56 +2,73 @@ For working on most of the PORI-related projects you will need to have a number of the components set up. For example, to work on the GraphKB API you will need both an OrientDB server and a Keycloak server already running. -If your institution regularly works on PORI related projects then we reccommend setting up a development instance of the PORI platform which your developers can point their applications to. If you do not have access to something like this, then the easiest way to get the dependencies for whatever part of the PORI platform you are working on up and running is by running the development version of the docker compose configuration found in this repository: [docker-compose.dev.yml](https://github.com/bcgsc/pori/blob/master/docker-compose.dev.yml). +If your institution regularly works on PORI related projects then we recommend setting up a development instance of the PORI platform which your developers can point their applications to. If you do not have access to something like this, then the easiest way to get the dependencies for whatever part of the PORI platform you are working on up and running is by running the development version of the docker compose configuration found in this repository: [docker-compose.dev.yml](https://github.com/bcgsc/pori/blob/master/docker-compose.dev.yml). ```yaml title="docker-compose.dev.yml" --8<-- "./docker-compose.dev.yml" ``` -## Start the Authentication Server +The demo uses a default keycloak setup with a realm "PORI" and two clients: "GraphKB" and "IPR". +For convenience there are also a number of default users which all have the default password of "secret". -First, set up a keycloak instance for development (like the regular set up but you can ignore the https certificates). Since we are not exposing this outside our network and are using it for development and testing only we pass admin/admin as the admin user credentials. 
You should pick something more secure for non-development or public installations. +![default users](./images/pori-keycloak-default-users.png) + +## Run docker-compose + +First thing you should do is create new/empty directories for the data stored by GraphKB and IPR. ```bash -docker run \ - -e KEYCLOAK_USER=admin \ - -e KEYCLOAK_PASSWORD=admin \ - -p 8443:8334 \ - -p 8888:8080 \ - -d \ - bcgsc/pori-auth:latest +mkdir -p databases/{postgres,orientdb}/{backup,data} ``` -You should now be able to view the browser-based administrative console by visiting [http://localhost:8888](http://localhost:8888) in your browser. +You should also create a new directory for storing the public key from keycloak. This key will be downloaded and stored so that it can be used in checking incoming tokens by the GraphKB and IPR APIs. If this directory already exists you should delete and remake it. -### Download the Public Key File +```bash +mkdir keys +``` + +Now you are ready to start up with the dev compose yml -After the container is started you can go to the admin console GUI to add a users and download the realm's public key file. This must be done prior to starting the other containers. +```bash +docker-compose -f docker-compose.dev.yml up -d +``` -You can do this via the GUI as described in the main [install instructions](../install.md) or via a script using the keycloak REST API. +It will take a minute or two for all of the servers to start. You can check how they look with docker -```bash title="kc_setup_keyfile.sh" ---8<-- "./kc_setup_keyfile.sh" +```bash +docker ps ``` -### Create the Default Users +If any of them show "(health: starting)" then they are not ready yet. + +### Viewing Log Files -Next, create the users as specified in the main [install instructions](https://bcgsc.github.io/pori/install) or via the script below. +Sometimes you will need to check the logs from the various servers, this can be done with the docker logs command. 
First find the container ID (or name) by listing all the running containers with `docker ps` and then run the following -```bash title="kc_setup_default_users.sh" ---8<-- "./kc_setup_default_users.sh" +```bash +docker logs ``` -## Run docker-compose +### Loading Data into GraphKB -Once keycloak is set up you will need to create some directories for storing database data (so that is persists when you stop and restart your docker containers) +If you are running the GraphKB loader via its docker container you will need to tell it to use the host network so that it is able to find the GraphKB API. + +Here is an example of running the GraphKB Loader on the vocabulary terms using the docker container and the docker-compose setup described above. + +First download the vocabulary terms data ```bash -mkdir -p databases/{postgres,orientdb}/{backup,data} +wget https://raw.githubusercontent.com/bcgsc/pori_graphkb_loader/develop/data/vocab.json ``` -Now you are ready to start up with the dev compose yml +Then you can load these terms using the ontology file loader ```bash -docker-compose -f demo/docker-compose.dev.yml up -d +docker run --net host bcgsc/pori-graphkb-loader:latest \ + -u graphkb_importer \ + -p secret \ + -g http://localhost:8888/api \ + file \ + ontology \ + vocab.json ``` diff --git a/docs/graphkb/index.md b/docs/graphkb/index.md index 46598fd..1d04d2b 100644 --- a/docs/graphkb/index.md +++ b/docs/graphkb/index.md 
@@ -16,7 +16,7 @@ GraphKB functions both as an aggregate knowledge base as well as a standalone ap ### Multiple Overlapping Ontologies -GraphKB is unique among other knowledge base projects in its inclusion of ontology relations and subsquent real-time leveraging of their inherent graph structure. The simultaenous loading of multiple overlapping ontologies allows for better coverage of terms when loading data from resources without controlled vocabulary[^1]. It also enables users to match the chosen ontology of the source resource when specified. +GraphKB is unique among other knowledge base projects in its inclusion of ontology relations and subsequent real-time leveraging of their inherent graph structure. The simultaneous loading of multiple overlapping ontologies allows for better coverage of terms when loading data from resources without controlled vocabulary[^1]. It also enables users to match the chosen ontology of the source resource when specified. [^1]: [Reisle, C. et al. A Platform for Oncogenomic Reporting and Interpretation. bioRxiv 2021.04.13.439667 (2021) doi:10.1101/2021.04.13.439667](https://www.biorxiv.org/content/10.1101/2021.04.13.439667v1) @@ -51,7 +51,7 @@ Similarly, common names of signatures have been organized and related to allow u The simplest way to try out GraphKB is via the demo we provide [here](https://pori-demo.bcgsc.ca/). simply click on the `/graphkb` link and enter the provided credentials (`graphkb_admin`/`graphkb_admin`). This will allow you to test out the application before having to set up your own instance. If your -institution would like to host an instance of GraphKB please see the instuctions for developers and +institution would like to host an instance of GraphKB please see the instructions for developers and system administrators in the next section. ### Developers / Sys-Admins 
diff --git a/docs/images/pori-keycloak-default-users.png b/docs/images/pori-keycloak-default-users.png new file mode 100644 index 0000000..6c5ca30 Binary files /dev/null and b/docs/images/pori-keycloak-default-users.png differ diff --git a/docs/install.md b/docs/install.md index 98d1164..e96fe02 100644 --- a/docs/install.md +++ b/docs/install.md 
@@ -1,122 +1,127 @@ # Install with Docker -Since PORI is a production-ready, institution-level, scaleable platform, the simplest way to get the entire platform up and running from scratch is using [docker](https://www.docker.com/). Most of the servers are auto-started together with docker-compose but the keycloak container must be started and configured on its own first. The instructions below set up the platform with HTTPS and then use a reverse proxy to pick up the ports. This way you can omit the proxy step and run the platform with http when initially setting up and testing. If you are a developer you may wish to look at the [getting started section](./developer_reference/getting_started.md) in the developers guide instead. +Since PORI is a production-ready, institution-level, scalable platform, the simplest way to get the entire platform up and running from scratch is using [docker](https://www.docker.com/). For simplicity the default instructions set up the platform with http. -Start by cloning this repository which contains the default docker compose config (docker-compose.yml) +Most of the servers are auto-started together with docker-compose but the keycloak container must be started and configured on its own first. + +Start by cloning this repository which contains the default docker compose configs (`docker-compose.yml` and `docker-compose.dev.yml`) ```bash git clone https://github.com/bcgsc/pori.git cd pori ``` -## Start the Authentication Server +For working on most of the PORI-related projects you will need to have a number of the components set up. For example, to work on the GraphKB API you will need both an OrientDB server and a Keycloak server already running. -Before any of the other systems can be set up you will need to start the authenication server. By -default, PORI authenticates against an instance of [KeyCloak](https://www.keycloak.org/). For convenience we have provided a -docker container with a default configuration of keycloak. 
This is the authentication server used -by our [demo instance](https://pori-demo.bcgsc.ca/). If your institution already has a keycloak -server then we have more [detailed instuctions on setting up through the GUI](https://github.com/bcgsc/pori/blob/master/docs/auth.md) -in this repository. +If your institution regularly works on PORI related projects then we recommend setting up a development instance of the PORI platform which your developers can point their applications to. If you do not have access to something like this, then the easiest way to get the dependencies for whatever part of the PORI platform you are working on up and running is by running the development version of the docker compose configuration found in this repository: [docker-compose.dev.yml](https://github.com/bcgsc/pori/blob/master/docker-compose.dev.yml). -```bash -docker run \ - -e KEYCLOAK_USER=admin \ - -e KEYCLOAK_PASSWORD= \ - -e KEYCLOAK_FRONTEND_URL= \ - -p 8443:8334 \ - -p 8888:8080 \ - -d \ - --mount type=bind,source=/etc/ssl/certs/current,target=/etc/x509/https,readonly \ - bcgsc/pori-auth:latest +```yaml title="docker-compose.dev.yml" +--8<-- "./docker-compose.dev.yml" ``` -For the demo server (excluding password) this looked like +The demo uses a default keycloak setup with a realm "PORI" and two clients: "GraphKB" and "IPR". +For convenience there are also a number of default users which all have the default password of "secret". + +| Name | Default in DB | Purpose | +| ---------------- | ------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- | +| graphkb_importer | GraphKB | This is the default user that is created when the new GraphKB DB is created. 
It is an admin user that can be used to add new users or import content | +| ipr_graphkb_link | GraphKB | This is the user used by IPR to pull data from GraphKB | +| iprdemo | IPR | This is an admin user in the IPR demo db | +| graphkb_admin | GraphKB | Admin user for managing content/users in the GraphKB web interface | + + +![default users](../images/pori-keycloak-default-users.png) + +## Run docker-compose + +The first thing you should do is create new/empty directories for the data stored by GraphKB and IPR. ```bash -docker run \ - -e KEYCLOAK_USER=admin \ - -e KEYCLOAK_PASSWORD=$DEMO_KC_ADMIN \ - -e KEYCLOAK_FRONTEND_URL=https://pori-demo.bcgsc.ca/auth \ - -p 8443:8334 \ - -p 8888:8080 \ - -d \ - --mount type=bind,source=/etc/ssl/certs/current,target=/etc/x509/https,readonly \ - bcgsc/pori-auth:latest +mkdir -p databases/{postgres,orientdb}/{backup,data} ``` -Check that the docker container has started +You should also create a new directory for storing the public key from keycloak. This key will be downloaded and store so that it was be used in checking incoming tokens by the GraphKB and IPR APIs. If this directory already exists you should delete and remake it. ```bash -docker ps +mkdir keys ``` -You should see something like this +Next, use docker-compose to start the DB, API, and client servers. The paths/URLs in the docker-compose.yml file should be adjusted to match your deployment. In our demo deployment we have a proxy pass set up from the configured ports to handle the https layer -```text -CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES -16ff3826c976 bcgsc/pori-auth:latest "/opt/jboss/tools/do…" About a minute ago Up About a minute 8443/tcp, 0.0.0.0:8888->8080/tcp strange_chaum +```bash +docker-compose -f docker-compose.dev.yml up -d ``` -### Download the Public Key File - -After the container is started you can go to the admin console GUI to add a users and download the realm's public key file. 
This must be done prior to starting the other containers. +This will start the following services -The public key file will need to be passed to the GraphKB API container at run time. Copy it from the Realms > Keys page which should look something like below +- Postgres db server for IPR with a default db dump +- OrientDB server for GraphKB with an empty default db +- GraphKB API server (nodejs) +- IPR API server (nodejs) +- GraphKB client server (nginx) +- IPR client server (nginx) +- Keycloak Authentication server -![keycloak realms page](./images/keycloak-get-public-key.png) +Once the platform is live you can [populate the new GraphKB instance](./graphkb/loading_data.md) +with external content using the loaders. -For the purposes of this example we have saved it as `keys/keycloak.key` and we will mount the keys directory to the api container in the next step. The content of the file should look something like this +It will take a minute or two for all of the servers to start. You can check how they look with docker -```text ------BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoteEI/Iu923I4Zqt8prxIx3ljGEecnrI+sWjo4U3n14n/nY5NpfCiA+Pg1WQTQKsBHX5/sIm+Fn5FJpcpBzz8/5uEQJyPEOEezEuiP/yYjVbg4S25reOaQNRfsw7yZvdgrMySy3MrfjWw+luLa6Nt4AvZ6ywOqE8Q4SZgVxGQg07acenpR6U+bkNj3AxFFEeYqiktfKPI7iLykVBz/hXANnrs9zd036vcgAYa2IxmWpo38ZOksKTgYL5IDG1zZ5S6VM43mD7hE8jG+kCVbiNVlrYFTXxIkRmaOO9krykPoLux7tjXAFEfTwMji++HQjc724FigsnoJ3xZkUzCSzkTQIDAQAB ------END PUBLIC KEY----- +```bash +docker ps ``` -Both the IPR and GraphKB API containers will use this ./keys folder, binding it into the container at run time (See volumes section of docker compose file). - -Note that for your convenience this can also be done with the following bash command +If any of them show "(health: starting)" then they are not ready yet. -### Adding Default Demo Users +### Viewing Log Files -You will also want to add a couple of users to make things simpler to test. 
If you use the non-default demo passwords (RECCOMMENDED!) you will need to change the corresponding fields in the docker compose file. The names of these users can also be changed but it will require also adding them to the application databases. - -| Name | Default in DB | Purpose | -| ---------------- | ------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- | -| graphkb_importer | GraphKB | This is the default user that is created when the new GraphKB DB is created. It is an admin user that can be used to add new users or import content | -| ipr_graphkb_link | GraphKB | This is the user used by IPR to pull data from GraphKB | -| iprdemo | IPR | This is an admin user in the IPR demo db | -| graphkb_admin | GraphKB | Admin user for managing content/users in the GraphKB web interface | +Sometimes you will need to check the logs from the various servers, this can be done with the docker logs command. First find the container ID (or name) by listing all the running containers with `docker ps` and then run the following -Add the above users to keycloak with the IPR and GraphKB roles. +```bash +docker logs +``` -![adding users](./images/keycloak-add-users.png) +### Loading Data into GraphKB -## Docker-Compose +If you are running the GraphKB loader via its docker container you will need to tell it to use the host network so that it is able to find the GraphKB API. -Now you are ready to start the other services. This will use the `docker-compose.yml` file to configure the network. +Here is an example of running the GraphKB Loader on the vocabulary terms using the docker container and the docker-compose setup described above. 
-First create empty directories to mount the database data, this will ensure the databases are not lost when you stop/restart the container +First download the vocabulary terms data ```bash -mkdir -p databases/{postgres,orientdb}/{backup,data} +wget https://raw.githubusercontent.com/bcgsc/pori_graphkb_loader/develop/data/vocab.json ``` -Next, use docker-compose to start the DB, API, and client servers. The paths/URLs in the docker-compose.yml file should be adjusted to match your deployment. In our demo deployment we have a proxy pass set up from the configured ports to handle the https layer +Then you can load these terms using the ontology file loader ```bash -docker-compose up +docker run --net host \ + --mount src=$(pwd)/vocab.json,dst=/data/vocab.json,type=bind \ + bcgsc/pori-graphkb-loader:latest \ + -u graphkb_importer \ + -p secret \ + -g http://localhost:8080/api \ + file \ + ontology \ + /data/vocab.json ``` -This will start the following services +!!! Note -- Postgres db server for IPR with a default db dump -- OrientDB server for GraphKB with an empty default db -- GraphKB API server (nodejs) -- IPR API server (nodejs) -- GraphKB client server (nginx) -- IPR client server (nginx) + Because we are running the loader by itself we need to provide the mount arguments to tell docker that we need access to a file outside of the container itself. When we run this with the snakemake pipeline this is not necessary since snakemake generally takes care of that for you -Once the platform is live you can [populate the new GraphKB instance](./graphkb/loading_data.md) -with external content using the loaders. +## Production Instances + +### HTTPS + +For a production instance of PORI you will want to use HTTPS instead of HTTP. The simplest way to accomplish this is with a reverse proxy to pick up the ports. This way you can run the platform as above, with http, when initially setting up and testing. 
+ +Once you have your reverse proxy set up and configured you can use the newly bound URLs in place of the http://hostname:port URLs. + +An example of what the HTTPs URLs using a reverse proxy may look like is included in the "prod" version of the docker-compose file, however you would need to replace these with your own URLs and mappings + +### Keycloak + +In the `docker-compose.dev.yml` example, we are using the embedded h2 database with keycloak for simplicity, if you are using this in production you should use an external database with keycloak. Our production version does not include keycloak at all as it is run seperately since it is used for many different applications beyond PORI. diff --git a/mkdocs.yml b/mkdocs.yml index 03f2d64..77a6073 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -16,7 +16,7 @@ markdown_extensions: - pymdownx.extra - pymdownx.snippets: check_paths: True - base_path: demo + base_path: . - pymdownx.emoji: emoji_index: !!python/name:materialx.emoji.twemoji emoji_generator: !!python/name:materialx.emoji.to_svg diff --git a/tests/test-docker-compose.sh b/tests/test-docker-compose.sh new file mode 100644 index 0000000..e4642f2 --- /dev/null +++ b/tests/test-docker-compose.sh 
@@ -0,0 +1,35 @@
+RETRY=10
+TIMEOUT=20
+MIN_HEALTHY_EXPECTED=4
+SERVICES_EXPECTED=8
+
+x=0;
+healthy_count=-1
+up_count=-1
+
+while [ $x -le $RETRY ]
+do
+ x=$(( $x + 1 ));
+ healthy_count=$( docker ps | grep pori_ | grep -c '(healthy)' )
+ up_count=$( docker ps | grep pori_ | grep -c '\sUp ' )
+
+ if [ $healthy_count -ge $MIN_HEALTHY_EXPECTED ];
+ then
+ # at least 4 services current have health checks
+ if [ $up_count -eq $SERVICES_EXPECTED ];
+ then
+ echo "Expected number of services found as up and running"
+ exit 0;
+ fi
+ fi
+ echo "$healthy_count != $MIN_HEALTHY_EXPECTED (healthy) or $up_count != $SERVICES_EXPECTED (up)"
+
+ if [ $x -le $RETRY ];
+ then
+ echo "sleep $TIMEOUT before next retry"
+ sleep $TIMEOUT;
+ fi
+done
+
+echo "$healthy_count != $MIN_HEALTHY_EXPECTED (healthy) or $up_count != $SERVICES_EXPECTED (up)"
+exit 1
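Review bot: Both counts come from `docker ps | grep pori_`, which relies on a container-name prefix that compose derives from the checkout directory name and whose separator differs between compose releases (`pori_` vs `pori-`), so the script can count zero services while everything is healthy. Selecting by compose label is steadier, e.g. `docker ps -q --filter "label=com.docker.compose.project=pori" --filter "health=healthy" | wc -l`, with the project name pinned by `-p pori` in the workflow. The progress message prints `!=` although the healthy test is `-ge`, so it misreports the case where more than four services are healthy. The file would also benefit from a shebang and a header comment explaining `RETRY`, `TIMEOUT`, `MIN_HEALTHY_EXPECTED` and `SERVICES_EXPECTED`, and `'\sUp '` depends on GNU grep.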