All Downloads are FREE. Search and download functionalities are using the official Maven repository.

ps.keycloak.1.0.5.source-code.cm.yml Maven / Gradle / Ivy

There is a newer version: 1.0.8
Show newest version
metadata:
  annotations:
    expose.config.fabric8.io/apiserver-url-key: apiserver.url
    expose.service-key.config.fabric8.io/fabric8: fabric8.url
    expose.service-key.config.fabric8.io/keycloak: keycloak.url
    expose.service-key.config.fabric8.io/jenkins: jenkins.url
    expose-full.service-key.config.fabric8.io/wit: wit.api.url
    expose-no-path.service-key.config.fabric8.io/auth: auth.url
data:
  db.url: keycloak-db
  db.port: "5432"
  apiserver.url: http://kubernetes
  fabric8.url: http://fabric8
  jenkins.url: http://jenkins
  keycloak.url: http://keycloak
  auth.api.url: http://auth
  wit.api.url: http://wit
  fabric8-realm.json: |-
    {
      "realm": "fabric8",
      "enabled": true,
      "loginTheme": "fabric8",
      "privateKey": "${KEYCLOAK_PRIVATEKEY}",
      "publicKey": "${KEYCLOAK_PUBLICKEY}",
      "sslRequired": "external",
      "accessTokenLifespan": 2592000,
      "accessTokenLifespanForImplicitFlow": 1296000,
      "ssoSessionIdleTimeout": 2592000,
      "accessCodeLifespanUserAction": 36000,
      "accessCodeLifespanLogin": 2592000,
      "ssoSessionMaxLifespan": 2592000,
      "offlineSessionIdleTimeout": 2592000,
      "accessCodeLifespan": 60,
      "clients": [
        {
          "clientId": "fabric8-online-platform",
          "enabled": true,
          "standardFlowEnabled": true,
          "implicitFlowEnabled": false,
          "directAccessGrantsEnabled": true,
          "authorizationServicesEnabled": true,
          "fullScopeAllowed": true,
          "serviceAccountsEnabled": true,
          "clientAuthenticatorType": "client-secret",
          "secret": "${KEYCLOAK_CLIENTID_SECRET}",
          "publicClient": true,
          "adminUrl": "",
          "baseUrl": "",
          "redirectUris": [
            "http://localhost:8080/api/login/*",
            "${AUTH_URL}*",
            "${WIT_URL}*",
            "${JENKINS_URL}/securityRealm/finishLogin",
            "${KEYCLOAK_URL}/*"
          ],
          "webOrigins": [
            "*"
          ],
          "defaultRoles": [
            "uma_protection"
          ],
          "authorizationSettings": {
            "allowRemoteResourceManagement": true,
            "policyEnforcementMode": "ENFORCING",
            "scopes": [
              {
                "name": "read:space"
              },
              {
                "name": "admin:space"
              }
            ]
          },
          "protocolMappers": [
            {
              "id": "0dc3e03b-f0c3-4e7e-b0c9-d99c46ba9161",
              "name": "Approved",
              "protocol": "openid-connect",
              "protocolMapper": "oidc-usermodel-attribute-mapper",
              "consentRequired": false,
              "config": {
                "userinfo.token.claim": "true",
                "user.attribute": "approved",
                "id.token.claim": "false",
                "access.token.claim": "true",
                "claim.name": "approved",
                "jsonType.label": "boolean"
              }
            },
            {
              "id" : "5f949838-20b6-4544-998c-96d066298b3d",
              "name" : "email",
              "protocol" : "openid-connect",
              "protocolMapper" : "oidc-usermodel-property-mapper",
              "consentRequired" : true,
              "consentText" : "${email}",
              "config" : {
                "userinfo.token.claim" : "true",
                "user.attribute" : "email",
                "id.token.claim" : "true",
                "access.token.claim" : "true",
                "claim.name" : "email",
                "jsonType.label" : "String"
              }
            }, {
              "id" : "7bd87e1c-76a7-4856-ab58-a49d15ccdad8",
              "name" : "given name",
              "protocol" : "openid-connect",
              "protocolMapper" : "oidc-usermodel-property-mapper",
              "consentRequired" : true,
              "consentText" : "${givenName}",
              "config" : {
                "userinfo.token.claim" : "true",
                "user.attribute" : "firstName",
                "id.token.claim" : "true",
                "access.token.claim" : "true",
                "claim.name" : "given_name",
                "jsonType.label" : "String"
              }
            }, {
              "id" : "fd7a276f-12bf-4cb9-86a5-d91dd00518e7",
              "name" : "username",
              "protocol" : "openid-connect",
              "protocolMapper" : "oidc-usermodel-property-mapper",
              "consentRequired" : true,
              "consentText" : "${username}",
              "config" : {
                "userinfo.token.claim" : "true",
                "user.attribute" : "username",
                "id.token.claim" : "true",
                "access.token.claim" : "true",
                "claim.name" : "preferred_username",
                "jsonType.label" : "String"
              }
            }, {
              "id" : "a7fd0801-be94-4540-af9f-45f0f8914224",
              "name" : "role list",
              "protocol" : "saml",
              "protocolMapper" : "saml-role-list-mapper",
              "consentRequired" : false,
              "config" : {
                "single" : "false",
                "attribute.nameformat" : "Basic",
                "attribute.name" : "Role"
              }
            }, {
              "id" : "fbf2ac93-fb3b-4e15-afc8-585e5e8e1049",
              "name" : "full name",
              "protocol" : "openid-connect",
              "protocolMapper" : "oidc-full-name-mapper",
              "consentRequired" : true,
              "consentText" : "${fullName}",
              "config" : {
                "id.token.claim" : "true",
                "access.token.claim" : "true",
                "userinfo.token.claim" : "true"
              }
            }, {
              "id" : "3d6c2c1f-f048-45b1-b1cf-a0774397ad7f",
              "name" : "Client IP Address",
              "protocol" : "openid-connect",
              "protocolMapper" : "oidc-usersessionmodel-note-mapper",
              "consentRequired" : false,
              "consentText" : "",
              "config" : {
                "user.session.note" : "clientAddress",
                "userinfo.token.claim" : "true",
                "id.token.claim" : "true",
                "access.token.claim" : "true",
                "claim.name" : "clientAddress",
                "jsonType.label" : "String"
              }
            }, {
              "id" : "57ec513a-aa97-46b8-b888-4c2f9197d6db",
              "name" : "family name",
              "protocol" : "openid-connect",
              "protocolMapper" : "oidc-usermodel-property-mapper",
              "consentRequired" : true,
              "consentText" : "${familyName}",
              "config" : {
                "userinfo.token.claim" : "true",
                "user.attribute" : "lastName",
                "id.token.claim" : "true",
                "access.token.claim" : "true",
                "claim.name" : "family_name",
                "jsonType.label" : "String"
              }
            }, {
              "id" : "bdc1ad99-471f-4c83-aa2e-03fbcf620954",
              "name" : "Client ID",
              "protocol" : "openid-connect",
              "protocolMapper" : "oidc-usersessionmodel-note-mapper",
              "consentRequired" : false,
              "consentText" : "",
              "config" : {
                "user.session.note" : "clientId",
                "userinfo.token.claim" : "true",
                "id.token.claim" : "true",
                "access.token.claim" : "true",
                "claim.name" : "clientId",
                "jsonType.label" : "String"
              }
            }, {
              "id" : "1fa76490-354b-4b62-a6d0-b767a165d2a1",
              "name" : "Client Host",
              "protocol" : "openid-connect",
              "protocolMapper" : "oidc-usersessionmodel-note-mapper",
              "consentRequired" : false,
              "consentText" : "",
              "config" : {
                "user.session.note" : "clientHost",
                "userinfo.token.claim" : "true",
                "id.token.claim" : "true",
                "access.token.claim" : "true",
                "claim.name" : "clientHost",
                "jsonType.label" : "String"
              }
            }
          ]
        },
        {
          "clientId": "che",
          "enabled": true,
          "redirectUris": [
            "*"
          ],
          "implicitFlowEnabled": false,
          "directAccessGrantsEnabled": true,
          "publicClient": true,
          "protocol": "openid-connect",
          "fullScopeAllowed": true
        }
      ],
      "users": [
        {
          "username": "service-account-fabric8-online-platform",
          "enabled": true,
          "totp": false,
          "emailVerified": false,
          "email": "[email protected]",
          "serviceAccountClientId": "fabric8-online-platform",
          "credentials": [],
          "disableableCredentialTypes": [],
          "requiredActions": [],
          "realmRoles": [
            "offline_access",
            "uma_authorization"
          ],
          "clientRoles": {
            "realm-management": [
              "view-users",
              "manage-authorization"
            ],
            "broker": [
              "read-token"
            ],
            "fabric8-online-platform": [
              "uma_protection"
            ],
            "account": [
              "manage-account",
              "view-profile"
            ]
          },
          "groups": []
        }
      ],
      "clientScopeMappings": {
        "realm-management": [
          {
            "client": "fabric8-online-platform",
            "roles": [
              "view-users"
            ]
          },
          {
            "client": "fabric8-online-platform",
            "roles": [
              "manage-authorization"
            ]
          }
        ],
        "broker": [
          {
            "client": "fabric8-online-platform",
            "roles": [
              "read-token"
            ]
          }
        ]
      },
      "roles": {
        "realm": [
          {
            "name": "read:space",
            "description": "Read space"
          },
          {
            "name": "admin:space",
            "description": "Admin space"
          }
        ]
      },
      "identityProviders": [
        {
          "alias": "openshift-v3",
          "providerId": "openshift-v3",
          "enabled": true,
          "updateProfileFirstLogin": "true",
          "storeToken": "true",
          "addReadTokenRoleOnCreate": true,
          "config": {
            "hideOnLoginPage": "${HIDE_OPENSHIFT_BTN}",
            "baseUrl": "${K8S_API_SERVER}",
            "clientId": "fabric8-online-platform",
            "defaultScope": "user:full",
            "clientSecret": "fabric8"
          }
        },
        {
          "alias": "github",
          "providerId": "github",
          "enabled": true,
          "updateProfileFirstLogin": "true",
          "storeToken": "true",
          "trustEmail": true,
          "addReadTokenRoleOnCreate": true,
          "config": {
            "hideOnLoginPage": "${HIDE_GITHUB_BTN}",
            "clientSecret": "${GITHUB_OAUTH_CLIENT_SECRET}",
            "clientId": "${GITHUB_OAUTH_CLIENT_ID}",
            "defaultScope": "admin:repo_hook read:org repo user gist",
            "useJwksUrl": "true"
          }
        }
      ],
      "identityProviderMappers": [
        {
          "name": "approved",
          "identityProviderAlias": "openshift-v3",
          "identityProviderMapper": "hardcoded-attribute-idp-mapper",
          "config": {
            "attribute.value": "true",
            "attribute": "approved"
          }
        },
        {
          "name": "approved",
          "identityProviderAlias": "github",
          "identityProviderMapper": "hardcoded-attribute-idp-mapper",
          "config": {
            "attribute.value": "true",
            "attribute": "approved"
          }
        }
      ]
    }




© 2015 - 2024 Weber Informatics LLC | Privacy Policy