All Downloads are FREE. Search and download functionalities are using the official Maven repository.

atform.apps.keycloak.4.0.201.source-code.cm.yml Maven / Gradle / Ivy

There is a newer version: 4.0.204
Show newest version
metadata:
  annotations:
    expose.config.fabric8.io/apiserver-url-key: apiserver.url
    expose.service-key.config.fabric8.io/fabric8: fabric8.url
    expose.service-key.config.fabric8.io/keycloak: keycloak.url
    expose.service-key.config.fabric8.io/jenkins: jenkins.url
    expose-full.service-key.config.fabric8.io/wit: wit.api.url
data:
  db.url: keycloak-db
  db.port: "5432"
  apiserver.url: http://kubernetes
  fabric8.url: http://fabric8
  jenkins.url: http://jenkins
  keycloak.url: http://keycloak
  wit.api.url: http://wit
  fabric8-realm.json: |-
    {
      "realm": "fabric8",
      "enabled": true,
      "loginTheme": "fabric8",
      "privateKey": "${KEYCLOAK_PRIVATEKEY}",
      "publicKey": "${KEYCLOAK_PUBLICKEY}",
      "sslRequired": "external",
      "accessTokenLifespan" : 2592000,
      "accessTokenLifespanForImplicitFlow" : 1296000,
      "ssoSessionIdleTimeout" : 2592000,
      "accessCodeLifespanUserAction" : 36000,
      "accessCodeLifespanLogin" : 2592000,
      "ssoSessionMaxLifespan" : 2592000,
      "offlineSessionIdleTimeout" : 2592000,
      "accessCodeLifespan" : 60,
      "clients": [
        {
          "clientId": "fabric8-online-platform",
          "enabled": true,
          "standardFlowEnabled": true,
          "implicitFlowEnabled": false,
          "directAccessGrantsEnabled": true,
          "authorizationServicesEnabled" : true,
          "fullScopeAllowed": true,
          "serviceAccountsEnabled": true,
          "clientAuthenticatorType": "client-secret",
          "secret": "${KEYCLOAK_CLIENTID_SECRET}",
          "publicClient" : true,
          "adminUrl" : "",
          "baseUrl" : "",
          "redirectUris": [
            "http://localhost:8080/api/login/*",
            "${WIT_URL}*",
            "${JENKINS_URL}/securityRealm/finishLogin",
            "${KEYCLOAK_URL}/*"
          ],
          "webOrigins": [
            "*"
          ],
          "defaultRoles": ["uma_protection"],
          "authorizationSettings" : {
            "allowRemoteResourceManagement" : true,
            "policyEnforcementMode" : "ENFORCING",
            "scopes" : [ {
              "name" : "read:space"
              }, {
              "name" : "admin:space"
            } ]
          }
        }
      ],
      "users": [{
         "username": "service-account-fabric8-online-platform",
         "enabled": true,
         "totp": false,
         "emailVerified": false,
         "email": "[email protected]",
         "serviceAccountClientId": "fabric8-online-platform",
         "credentials": [],
         "disableableCredentialTypes": [],
         "requiredActions": [],
         "realmRoles": ["offline_access", "uma_authorization"],
         "clientRoles": {
            "realm-management": ["view-users", "manage-authorization"],
            "broker": ["read-token"],
            "fabric8-online-platform": ["uma_protection"],
            "account": ["manage-account", "view-profile"]
         },
         "groups": []
      }],
      "clientScopeMappings": {
        "realm-management": [
            {
                "client": "fabric8-online-platform",
                "roles": ["view-users"]
            },
            {
                "client": "fabric8-online-platform",
                "roles": ["manage-authorization"]
            }
        ],
        "broker": [
            {
                "client": "fabric8-online-platform",
                "roles": ["read-token"]
            }
        ]
      },
      "roles" : {
        "realm" : [
          {
            "name": "read:space",
            "description": "Read space"
          },
          {
            "name": "admin:space",
            "description": "Admin space"
          }
        ]
      },
      "identityProviders": [
        {
          "alias" : "openshift-v3",
          "providerId" : "openshift-v3",
          "enabled": true,
          "updateProfileFirstLogin" : "true",
          "storeToken" : "true",
          "addReadTokenRoleOnCreate" : true,
          "config": {
            "hideOnLoginPage": "${HIDE_OPENSHIFT_BTN}",
            "baseUrl": "${K8S_API_SERVER}",
            "clientId": "fabric8-online-platform",
            "defaultScope": "user:full",
            "clientSecret": "fabric8"
          }
        },
        {
          "alias" : "github",
          "providerId" : "github",
          "enabled": true,
          "updateProfileFirstLogin" : "true",
          "storeToken" : "true",
          "trustEmail": true,
          "addReadTokenRoleOnCreate" : true,
          "config": {
            "hideOnLoginPage": "${HIDE_GITHUB_BTN}",
            "clientSecret": "${GITHUB_OAUTH_CLIENT_SECRET}",
            "clientId": "${GITHUB_OAUTH_CLIENT_ID}",
            "defaultScope": "admin:repo_hook read:org repo user gist",
            "useJwksUrl": "true"
          }
        }
      ],
      "identityProviderMappers" : [
        {
          "name" : "approved",
          "identityProviderAlias" : "openshift-v3",
          "identityProviderMapper" : "hardcoded-attribute-idp-mapper",
          "config" : {
            "attribute.value" : "true",
            "attribute" : "approved"
          }
        }, {
          "name" : "approved",
          "identityProviderAlias" : "github",
          "identityProviderMapper" : "hardcoded-attribute-idp-mapper",
          "config" : {
            "attribute.value" : "true",
            "attribute" : "approved"
          }
        }
      ]
    }




© 2015 - 2024 Weber Informatics LLC | Privacy Policy