-
Notifications
You must be signed in to change notification settings - Fork 0
/
keycloak-deploy.schema.json
211 lines (211 loc) Β· 6.83 KB
/
keycloak-deploy.schema.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
{
"$id": "https://elmsln.org/keycloak-deploy.schema.json",
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "Keycloak Client Deployment",
"type": "object",
"properties": {
"keycloak": { "$ref": "#/$defs/keycloak" },
"client": { "$ref": "#/$defs/client" },
"roles": {
"type": "array",
"description": "Roles to be created with the client.",
"items": { "$ref": "#/$defs/role" }
}
},
"required": ["client"],
"$defs": {
"keycloak": {
"type": "object",
"description": "General Keycloak Configuration",
"properties": {
"hostname": {
"type": "string",
"description": "Specifies the FQDN of the keycloak host."
},
"realm": {
"type": "string",
"description": "Specifies the realm where the client will be created."
}
},
"required": ["realm"]
},
"client": {
"type": "object",
"description": "General specification for the client.",
"properties": {
"name": {
"type": "string",
"description": "Specifies display name of the client. For example 'My Client'."
},
"clientId": {
"type": "string",
"description": "Specifies ID referenced in URI and tokens. For example 'my-client'."
},
"protocol": {
"type": "string",
"description": "Specifies whether to use Open ID Connect or SAML for the client. Value must be 'openid-connect', or 'saml'"
},
"description": {
"type": "string",
"description": "Human readable summary of the client"
},
"alwaysDisplayInConsole": {
"type": "boolean",
"description": "Whether to consistently display the client in the Keycloak admin console"
},
"oidc": { "$ref": "#/$defs/oidc" },
"access": { "$ref": "#/$defs/access" },
"login": { "$ref": "#/$defs/login" },
"logout": { "$ref": "#/$defs/logout" },
"scopes": {
"type": "array",
"items": { "$ref": "#/$defs/scopes" },
"description": ""
}
},
"required": ["clientId", "protocol"]
},
"oidc": {
"type": "object",
"description": "Configuration for the OIDC protocol.",
"properties": {
"publicClient": {
"type": "boolean",
"description": "Defines the type of the OIDC client. When it's 'true', the OIDC type is set to confidential access type. When it's 'false', it is set to public access type."
},
"authorizationServicesEnabled": {
"type": "boolean",
"description": "Enable/Disable fine-grained authorization support for a client."
},
"authenticationFlow": {
"type": "array",
"items": {
"type": "string"
},
"description": "??see below"
},
"authenticationFlowBindingOverrides": {
"type": "array",
"items": {
"type": "string"
},
"description": "The selected OIDC Authentication Flow type."
}
}
},
"access": {
"type": "object",
"description": "",
"properties": {
"standardFlowEnabled": {
"type": "boolean",
"description": "If true, clients are allowed to use the OIDC Authorization Code Flow."
},
"implicitFlowEnabled": {
"type": "boolean",
"description": "If true, clients are allowed to use the OIDC Implicit Flow."
},
"directAccessGrantsEnabled": {
"type": "boolean",
"description": "If true, clients are allowed to use OIDC Direct Grants"
},
"rootUrl": {
"type": "string",
"description": "Root URL appended to relative URLs."
},
"baseUrl": {
"type": "string",
"description": "Default URL to use when the auth server needs to redirect or link back to the client."
},
"redirectUris": {
"type": "array",
"items": {
"type": "string"
},
"description": "Valid URI pattern a browser can redirect to after a successful login. Wildcards and relative paths may be used."
},
"webOrigins": {
"type": "array",
"items": {
"type": "string"
},
"description": "Allowed CORS origins. To permit all origins of Redirect URIs, add '+'."
},
"adminUrl": {
"type": "string",
"description": "URL to the admin interface of the client. Set this if the client supports the adapter REST API."
}
}
},
"login": {
"type": "object",
"description": "",
"properties": {
"consentRequired": {
"type": "boolean",
"description": "If enabled, users have to consent to client access."
},
"display-client": {
"type": "boolean",
"description": "??Applicable only if 'consent' is defined for this client. If 'true', there will be an item on the consent screen about this client itself."
},
"consent-text": {
"type": "string",
"description": "??Applicable only if 'display-client' is 'true' for this client. Contains the text which will be on the consent screen about permissions for this client."
}
}
},
"logout": {
"type": "object",
"description": "",
"properties": {
"frontchannelLogout": {
"type": "boolean",
"description": "If 'true', logout requires a browser redirect to client. If 'false', server performs a background invocation for logout."
}
}
},
"scopes": {
"type": "object",
"description": "Client-Role mappings that the client will use.",
"properties": {
"fullScopeAllowed": {
"type": "boolean",
"description": "Specifies that the effective roles of the scope are every declared role in the realm."
},
"defaultClientScopes": {
"type": "array",
"description": "Specifies the default Client Scopes",
"items": {
"type": "string"
}
},
"optionalClientScopes": {
"type": "array",
"description": "Specifies the optional client scopes",
"items": {
"type": "string"
}
}
}
},
"role": {
"type": "object",
"description": "Description of a Keycloak Role",
"properties": {
"name": {
"type": "string",
"description": "Name of the role being created"
},
"clientRole": {
"type": "boolean",
"description": "Whether the role is a Client Role"
},
"description": {
"type": "string",
"description": "Brief description of the role"
}
}
}
}
}