atform.apps.keycloak.4.0.201.source-code.cm.yml Maven / Gradle / Ivy
metadata:
annotations:
expose.config.fabric8.io/apiserver-url-key: apiserver.url
expose.service-key.config.fabric8.io/fabric8: fabric8.url
expose.service-key.config.fabric8.io/keycloak: keycloak.url
expose.service-key.config.fabric8.io/jenkins: jenkins.url
expose-full.service-key.config.fabric8.io/wit: wit.api.url
data:
db.url: keycloak-db
db.port: "5432"
apiserver.url: http://kubernetes
fabric8.url: http://fabric8
jenkins.url: http://jenkins
keycloak.url: http://keycloak
wit.api.url: http://wit
fabric8-realm.json: |-
{
"realm": "fabric8",
"enabled": true,
"loginTheme": "fabric8",
"privateKey": "${KEYCLOAK_PRIVATEKEY}",
"publicKey": "${KEYCLOAK_PUBLICKEY}",
"sslRequired": "external",
"accessTokenLifespan" : 2592000,
"accessTokenLifespanForImplicitFlow" : 1296000,
"ssoSessionIdleTimeout" : 2592000,
"accessCodeLifespanUserAction" : 36000,
"accessCodeLifespanLogin" : 2592000,
"ssoSessionMaxLifespan" : 2592000,
"offlineSessionIdleTimeout" : 2592000,
"accessCodeLifespan" : 60,
"clients": [
{
"clientId": "fabric8-online-platform",
"enabled": true,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"authorizationServicesEnabled" : true,
"fullScopeAllowed": true,
"serviceAccountsEnabled": true,
"clientAuthenticatorType": "client-secret",
"secret": "${KEYCLOAK_CLIENTID_SECRET}",
"publicClient" : true,
"adminUrl" : "",
"baseUrl" : "",
"redirectUris": [
"http://localhost:8080/api/login/*",
"${WIT_URL}*",
"${JENKINS_URL}/securityRealm/finishLogin",
"${KEYCLOAK_URL}/*"
],
"webOrigins": [
"*"
],
"defaultRoles": ["uma_protection"],
"authorizationSettings" : {
"allowRemoteResourceManagement" : true,
"policyEnforcementMode" : "ENFORCING",
"scopes" : [ {
"name" : "read:space"
}, {
"name" : "admin:space"
} ]
}
}
],
"users": [{
"username": "service-account-fabric8-online-platform",
"enabled": true,
"totp": false,
"emailVerified": false,
"email": "[email protected]",
"serviceAccountClientId": "fabric8-online-platform",
"credentials": [],
"disableableCredentialTypes": [],
"requiredActions": [],
"realmRoles": ["offline_access", "uma_authorization"],
"clientRoles": {
"realm-management": ["view-users", "manage-authorization"],
"broker": ["read-token"],
"fabric8-online-platform": ["uma_protection"],
"account": ["manage-account", "view-profile"]
},
"groups": []
}],
"clientScopeMappings": {
"realm-management": [
{
"client": "fabric8-online-platform",
"roles": ["view-users"]
},
{
"client": "fabric8-online-platform",
"roles": ["manage-authorization"]
}
],
"broker": [
{
"client": "fabric8-online-platform",
"roles": ["read-token"]
}
]
},
"roles" : {
"realm" : [
{
"name": "read:space",
"description": "Read space"
},
{
"name": "admin:space",
"description": "Admin space"
}
]
},
"identityProviders": [
{
"alias" : "openshift-v3",
"providerId" : "openshift-v3",
"enabled": true,
"updateProfileFirstLogin" : "true",
"storeToken" : "true",
"addReadTokenRoleOnCreate" : true,
"config": {
"hideOnLoginPage": "${HIDE_OPENSHIFT_BTN}",
"baseUrl": "${K8S_API_SERVER}",
"clientId": "fabric8-online-platform",
"defaultScope": "user:full",
"clientSecret": "fabric8"
}
},
{
"alias" : "github",
"providerId" : "github",
"enabled": true,
"updateProfileFirstLogin" : "true",
"storeToken" : "true",
"trustEmail": true,
"addReadTokenRoleOnCreate" : true,
"config": {
"hideOnLoginPage": "${HIDE_GITHUB_BTN}",
"clientSecret": "${GITHUB_OAUTH_CLIENT_SECRET}",
"clientId": "${GITHUB_OAUTH_CLIENT_ID}",
"defaultScope": "admin:repo_hook read:org repo user gist",
"useJwksUrl": "true"
}
}
],
"identityProviderMappers" : [
{
"name" : "approved",
"identityProviderAlias" : "openshift-v3",
"identityProviderMapper" : "hardcoded-attribute-idp-mapper",
"config" : {
"attribute.value" : "true",
"attribute" : "approved"
}
}, {
"name" : "approved",
"identityProviderAlias" : "github",
"identityProviderMapper" : "hardcoded-attribute-idp-mapper",
"config" : {
"attribute.value" : "true",
"attribute" : "approved"
}
}
]
}
© 2015 - 2024 Weber Informatics LLC | Privacy Policy