From b8b14cd311041a68646ec65e747fe40460b6a7b9 Mon Sep 17 00:00:00 2001
From: Etienne Jodry
Date: Tue, 3 Dec 2024 14:28:38 +0100
Subject: [PATCH] WIP: Keycloak logic, bump deps, filter: count feature + expand parameters and apispec
---
 compose.test.yml | 2 -
 keycloak/3TR.json | 1028 ++++++++++----------
 src/biodm/components/services/dbservice.py | 42 +-
 src/biodm/components/services/kcservice.py | 154 +--
 src/biodm/config.py | 9 +-
 src/biodm/managers/kcmanager.py | 177 ++--
 src/example/.env | 2 -
 src/requirements/common.txt | 16 +-
 src/tests/integration/kc/conftest.py | 2 +-
 src/tests/integration/kc/test_keycloak.py | 12 -
 10 files changed, 734 insertions(+), 710 deletions(-)
diff --git a/compose.test.yml b/compose.test.yml
index c73e6f9..5ebbdb7 100644
--- a/compose.test.yml
+++ b/compose.test.yml
@@ -27,8 +27,6 @@ services:
 - KC_HOST=http://keycloak:8080/
 - KC_REALM=3TR
 - KC_PUBLIC_KEY=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0juOxC3+S97HFnlmRgWqUaSpTlscaH6IQaoLuqXFYakDJCV6WU0andDRQFJH8CeOaiVx84J1g7m/cNzxX6Ilz+0MZ6mnBFShaGY0+Qk6zIipFU2ehWQtAm0IWGwQipXC2enlXLIglRXJJepH7jOxC+fyY+f++09+68KuNAAUL8IjvZRMCu/AV3qlm6zdeCztTxy8eiBH9shg+wNLRpWczfMBAHetqqpzy9kVhVizHFdSxd21yESRce7iUQn+KzwsGzBve0Ds68GzhgyUXYjXV/sQ3jaNqDAy+qiCkv0nXKPBxVFUstPQQJvhlQ4gZW7SUdIV3IynBXckpGQhE24tcQIDAQAB
- - KC_ADMIN=admin
- - KC_ADMIN_PASSWORD=1234
 - KC_CLIENT_ID=submission_client
 - KC_CLIENT_SECRET=38wBvfSVS7fa3LprqSL5YCDPaMUY1bTl
 ports:
diff --git a/keycloak/3TR.json b/keycloak/3TR.json
index b7ce8ed..4b42607 100644
--- a/keycloak/3TR.json
+++ b/keycloak/3TR.json
@@ -1,5 +1,5 @@ [ { - "id" : "c17805a5-afc5-43dd-9680-baf38a3d707b", + "id" : "f97baaf5-76d7-46af-b5bb-801270e825d1", "realm" : "master", "displayName" : "Keycloak", "displayNameHtml" : "
Keycloak
", @@ -47,7 +47,7 @@ "failureFactor" : 30, "roles" : { "realm" : [ { - "id" : "e5bc5b15-a9f5-402b-b35e-c501283276aa", + "id" : "710056e9-b575-4653-8eaf-9eac15745275", "name" : "default-roles-master", "description" : "${role_default-roles}", "composite" : true, 
@@ -58,327 +58,351 @@ } }, "clientRole" : false, - "containerId" : "c17805a5-afc5-43dd-9680-baf38a3d707b", + "containerId" : "f97baaf5-76d7-46af-b5bb-801270e825d1", "attributes" : { } }, { - "id" : "1b1df0ed-1212-4cea-b9a8-d8c2a456b54d", - "name" : "uma_authorization", - "description" : "${role_uma_authorization}", + "id" : "94789864-eac2-4bfc-8873-d784374f4104", + "name" : "create-realm", + "description" : "${role_create-realm}", "composite" : false, "clientRole" : false, - "containerId" : "c17805a5-afc5-43dd-9680-baf38a3d707b", + "containerId" : "f97baaf5-76d7-46af-b5bb-801270e825d1", "attributes" : { } }, { - "id" : "d05dab67-dab1-41ad-8eb2-45518afbb208", + "id" : "f0efabbf-974a-4d61-a6ec-e8efa5e1c9c6", "name" : "offline_access", "description" : "${role_offline-access}", "composite" : false, "clientRole" : false, - "containerId" : "c17805a5-afc5-43dd-9680-baf38a3d707b", - "attributes" : { } - }, { - "id" : "ae67fabe-5e7e-4692-8c47-076d1fc552a1", - "name" : "create-realm", - "description" : "${role_create-realm}", - "composite" : false, - "clientRole" : false, - "containerId" : "c17805a5-afc5-43dd-9680-baf38a3d707b", + "containerId" : "f97baaf5-76d7-46af-b5bb-801270e825d1", "attributes" : { } }, { - "id" : "1e086cfe-0781-4f4c-96bc-b5e37e5e273f", + "id" : "c95bc56d-6857-49e7-a4f8-598113b3017c", "name" : "admin", "description" : "${role_admin}", "composite" : true, "composites" : { "realm" : [ "create-realm" ], "client" : { - "3TR-realm" : [ "query-realms", "impersonation", "view-events", "create-client", "query-users", "manage-realm", "manage-identity-providers", "manage-clients", "query-groups", "manage-events", "manage-authorization", "view-authorization", "view-clients", "view-identity-providers", "manage-users", "view-realm", "query-clients", "view-users" ], - "master-realm" : [ "query-groups", "manage-events", "create-client", "manage-clients", "manage-users", "view-clients", "view-events", "view-authorization", "manage-realm", "view-users", "query-clients", 
"query-users", "impersonation", "view-realm", "query-realms", "manage-authorization", "manage-identity-providers", "view-identity-providers" ] + "3TR-realm" : [ "view-events", "query-users", "view-authorization", "manage-clients", "query-groups", "manage-identity-providers", "view-realm", "impersonation", "manage-realm", "manage-users", "manage-authorization", "view-identity-providers", "view-users", "create-client", "manage-events", "query-clients", "query-realms", "view-clients" ], + "master-realm" : [ "create-client", "impersonation", "view-users", "query-groups", "query-clients", "view-events", "query-users", "view-authorization", "manage-events", "view-realm", "manage-identity-providers", "query-realms", "view-identity-providers", "manage-realm", "manage-users", "manage-clients", "view-clients", "manage-authorization" ] } }, "clientRole" : false, - "containerId" : "c17805a5-afc5-43dd-9680-baf38a3d707b", + "containerId" : "f97baaf5-76d7-46af-b5bb-801270e825d1", + "attributes" : { } + }, { + "id" : "7c05e4c4-5fc4-4407-9a79-b26c57040830", + "name" : "uma_authorization", + "description" : "${role_uma_authorization}", + "composite" : false, + "clientRole" : false, + "containerId" : "f97baaf5-76d7-46af-b5bb-801270e825d1", "attributes" : { } } ], "client" : { "3TR-realm" : [ { - "id" : "3171b60c-2aac-4cdf-89c1-9f6b48703da6", - "name" : "view-authorization", - "description" : "${role_view-authorization}", + "id" : "bda4b57f-9e2d-4295-a34d-5169db914adc", + "name" : "view-events", + "description" : "${role_view-events}", "composite" : false, "clientRole" : true, - "containerId" : "aeda2bbd-bf3c-44b9-b374-1844a53a6fdb", + "containerId" : "974c8db9-cbaa-404a-85cf-8c76b5ca7854", "attributes" : { } }, { - "id" : "fe0b5870-f530-40ad-9fe4-7de9fe602ec7", - "name" : "impersonation", - "description" : "${role_impersonation}", + "id" : "0a076c26-01ea-4ce4-9d59-c52c3eb48937", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", "composite" : false, 
"clientRole" : true, - "containerId" : "aeda2bbd-bf3c-44b9-b374-1844a53a6fdb", + "containerId" : "974c8db9-cbaa-404a-85cf-8c76b5ca7854", "attributes" : { } }, { - "id" : "dbb471c7-9656-4767-a7ff-abeaba41fd3e", - "name" : "query-realms", - "description" : "${role_query-realms}", + "id" : "f8d0d0de-8530-44f0-8d0b-69e86a730e8e", + "name" : "query-users", + "description" : "${role_query-users}", "composite" : false, "clientRole" : true, - "containerId" : "aeda2bbd-bf3c-44b9-b374-1844a53a6fdb", + "containerId" : "974c8db9-cbaa-404a-85cf-8c76b5ca7854", "attributes" : { } }, { - "id" : "11c6ec5e-2852-494f-a4d7-697060b83937", - "name" : "view-events", - "description" : "${role_view-events}", + "id" : "40463ef8-2f39-4e7d-bb3b-0d3e40299758", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", "composite" : false, "clientRole" : true, - "containerId" : "aeda2bbd-bf3c-44b9-b374-1844a53a6fdb", + "containerId" : "974c8db9-cbaa-404a-85cf-8c76b5ca7854", "attributes" : { } }, { - "id" : "c26c9ac1-aacc-44ab-8ff7-b3b5b4057700", - "name" : "view-clients", - "description" : "${role_view-clients}", + "id" : "c4c62b01-703f-4bce-b646-ec1e91ec9553", + "name" : "view-users", + "description" : "${role_view-users}", "composite" : true, "composites" : { "client" : { - "3TR-realm" : [ "query-clients" ] + "3TR-realm" : [ "query-groups", "query-users" ] } }, "clientRole" : true, - "containerId" : "aeda2bbd-bf3c-44b9-b374-1844a53a6fdb", + "containerId" : "974c8db9-cbaa-404a-85cf-8c76b5ca7854", "attributes" : { } }, { - "id" : "18ae997b-a37a-4a24-8e97-bfd3e7bf49ff", + "id" : "cbc1467d-1e16-4e6f-b52f-9ee07258d138", "name" : "create-client", "description" : "${role_create-client}", "composite" : false, "clientRole" : true, - "containerId" : "aeda2bbd-bf3c-44b9-b374-1844a53a6fdb", + "containerId" : "974c8db9-cbaa-404a-85cf-8c76b5ca7854", "attributes" : { } }, { - "id" : "aeeec425-14b6-440b-ac18-5b7d512db412", - "name" : "query-users", - "description" : 
"${role_query-users}", - "composite" : false, - "clientRole" : true, - "containerId" : "aeda2bbd-bf3c-44b9-b374-1844a53a6fdb", - "attributes" : { } - }, { - "id" : "baf107e2-b2f6-47f2-bb39-606b5b82d403", - "name" : "manage-identity-providers", - "description" : "${role_manage-identity-providers}", + "id" : "c69dc341-3497-4c61-82f7-c2a6bc03e12d", + "name" : "manage-events", + "description" : "${role_manage-events}", "composite" : false, "clientRole" : true, - "containerId" : "aeda2bbd-bf3c-44b9-b374-1844a53a6fdb", + "containerId" : "974c8db9-cbaa-404a-85cf-8c76b5ca7854", "attributes" : { } }, { - "id" : "7aa73d7f-0461-4a09-8320-89d3709561c0", - "name" : "manage-realm", - "description" : "${role_manage-realm}", + "id" : "0f149d3b-9f7b-4d97-b0f0-54bf39fdd83c", + "name" : "view-authorization", + "description" : "${role_view-authorization}", "composite" : false, "clientRole" : true, - "containerId" : "aeda2bbd-bf3c-44b9-b374-1844a53a6fdb", + "containerId" : "974c8db9-cbaa-404a-85cf-8c76b5ca7854", "attributes" : { } }, { - "id" : "95748184-57f9-40bb-9e42-c4cb26b6d1f4", + "id" : "1d4efffb-94eb-41de-8428-2b0a10ee6eb0", "name" : "manage-clients", "description" : "${role_manage-clients}", "composite" : false, "clientRole" : true, - "containerId" : "aeda2bbd-bf3c-44b9-b374-1844a53a6fdb", + "containerId" : "974c8db9-cbaa-404a-85cf-8c76b5ca7854", "attributes" : { } }, { - "id" : "b0a8bca9-a732-44fa-b3eb-de5fff5978f7", - "name" : "view-identity-providers", - "description" : "${role_view-identity-providers}", + "id" : "aae78ea5-2a7f-4020-b10d-6e59a32be9ca", + "name" : "query-clients", + "description" : "${role_query-clients}", "composite" : false, "clientRole" : true, - "containerId" : "aeda2bbd-bf3c-44b9-b374-1844a53a6fdb", + "containerId" : "974c8db9-cbaa-404a-85cf-8c76b5ca7854", "attributes" : { } }, { - "id" : "ccb87cd2-a0e8-438d-bd6f-8f648330f18a", - "name" : "manage-users", - "description" : "${role_manage-users}", + "id" : "0a85ba0c-1dc0-4aa8-9ca8-f9560a6a84e1", + "name" : 
"query-groups", + "description" : "${role_query-groups}", "composite" : false, "clientRole" : true, - "containerId" : "aeda2bbd-bf3c-44b9-b374-1844a53a6fdb", + "containerId" : "974c8db9-cbaa-404a-85cf-8c76b5ca7854", "attributes" : { } }, { - "id" : "ad6f13b4-3a4c-43b2-8c19-46ceabed9473", - "name" : "query-groups", - "description" : "${role_query-groups}", + "id" : "663dd724-469e-4253-bd28-c72df67b45d3", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", "composite" : false, "clientRole" : true, - "containerId" : "aeda2bbd-bf3c-44b9-b374-1844a53a6fdb", + "containerId" : "974c8db9-cbaa-404a-85cf-8c76b5ca7854", "attributes" : { } }, { - "id" : "a19ef677-c127-4466-b7b4-7199c1f7d517", + "id" : "81567d22-239f-434b-a9c9-ca5dbb0f62c9", "name" : "view-realm", "description" : "${role_view-realm}", "composite" : false, "clientRole" : true, - "containerId" : "aeda2bbd-bf3c-44b9-b374-1844a53a6fdb", + "containerId" : "974c8db9-cbaa-404a-85cf-8c76b5ca7854", "attributes" : { } }, { - "id" : "84199dfb-5556-432a-9ce8-617d46e809f2", - "name" : "manage-events", - "description" : "${role_manage-events}", + "id" : "4132882e-9dd3-4c71-9295-d8d451b56b36", + "name" : "query-realms", + "description" : "${role_query-realms}", "composite" : false, "clientRole" : true, - "containerId" : "aeda2bbd-bf3c-44b9-b374-1844a53a6fdb", + "containerId" : "974c8db9-cbaa-404a-85cf-8c76b5ca7854", "attributes" : { } }, { - "id" : "05180a34-a763-4bf9-89a9-7cc37d353dba", - "name" : "query-clients", - "description" : "${role_query-clients}", + "id" : "6d6d4480-9394-4f0d-bf4c-bddc785faa98", + "name" : "impersonation", + "description" : "${role_impersonation}", "composite" : false, "clientRole" : true, - "containerId" : "aeda2bbd-bf3c-44b9-b374-1844a53a6fdb", + "containerId" : "974c8db9-cbaa-404a-85cf-8c76b5ca7854", "attributes" : { } }, { - "id" : "4f080ea7-b063-4bdd-ac1e-4a70268fb3ac", - "name" : "manage-authorization", - "description" : 
"${role_manage-authorization}", + "id" : "cf31ea38-545a-4496-9cbc-4f2efc61230a", + "name" : "manage-realm", + "description" : "${role_manage-realm}", "composite" : false, "clientRole" : true, - "containerId" : "aeda2bbd-bf3c-44b9-b374-1844a53a6fdb", + "containerId" : "974c8db9-cbaa-404a-85cf-8c76b5ca7854", "attributes" : { } }, { - "id" : "dea6a335-307d-42bc-9b7c-4dd6e2ddd250", - "name" : "view-users", - "description" : "${role_view-users}", + "id" : "05442754-2ee3-4c5d-8b5b-24b7e1dee109", + "name" : "view-clients", + "description" : "${role_view-clients}", "composite" : true, "composites" : { "client" : { - "3TR-realm" : [ "query-groups", "query-users" ] + "3TR-realm" : [ "query-clients" ] } }, "clientRole" : true, - "containerId" : "aeda2bbd-bf3c-44b9-b374-1844a53a6fdb", + "containerId" : "974c8db9-cbaa-404a-85cf-8c76b5ca7854", + "attributes" : { } + }, { + "id" : "d476912e-1a15-4c4e-b765-344cc6cd4275", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "974c8db9-cbaa-404a-85cf-8c76b5ca7854", "attributes" : { } } ], "security-admin-console" : [ ], "admin-cli" : [ ], "account-console" : [ ], "broker" : [ { - "id" : "c4d32102-4eba-4aa3-9419-99ff314a1487", + "id" : "cfa1fe5f-2b27-4dca-9fad-c02e8bdbb329", "name" : "read-token", "description" : "${role_read-token}", "composite" : false, "clientRole" : true, - "containerId" : "8a7961b4-559e-4ca4-8ec0-b08a0fb325fd", + "containerId" : "4da78ed6-892a-4770-9025-e352f155cf11", "attributes" : { } } ], "master-realm" : [ { - "id" : "e08cb887-1eb8-4292-b6a8-713687be3f6f", - "name" : "query-groups", - "description" : "${role_query-groups}", + "id" : "5667d6fe-8ef9-4e56-8b11-52be260df5f3", + "name" : "create-client", + "description" : "${role_create-client}", "composite" : false, "clientRole" : true, - "containerId" : "762c406f-67c2-4daf-9c86-86f5fb99d2ea", + "containerId" : "dd5cc8f7-9a4b-4214-8350-031d75b7a47b", "attributes" : { } }, { - "id" : 
"652d016e-1471-4193-979b-82364943e043", + "id" : "9e078ae6-16af-4264-8a6b-3c316551396c", "name" : "manage-events", "description" : "${role_manage-events}", "composite" : false, "clientRole" : true, - "containerId" : "762c406f-67c2-4daf-9c86-86f5fb99d2ea", + "containerId" : "dd5cc8f7-9a4b-4214-8350-031d75b7a47b", "attributes" : { } }, { - "id" : "8af15d6c-3e1e-45c2-92ab-a12565a9fbd4", - "name" : "create-client", - "description" : "${role_create-client}", + "id" : "360ada5b-9818-4206-bb30-b6994b13f291", + "name" : "impersonation", + "description" : "${role_impersonation}", "composite" : false, "clientRole" : true, - "containerId" : "762c406f-67c2-4daf-9c86-86f5fb99d2ea", + "containerId" : "dd5cc8f7-9a4b-4214-8350-031d75b7a47b", "attributes" : { } }, { - "id" : "12aa10fd-ef47-4a83-88a5-7781513acc29", - "name" : "manage-realm", - "description" : "${role_manage-realm}", + "id" : "ae98417a-c3b3-4254-a086-967632e25db0", + "name" : "view-realm", + "description" : "${role_view-realm}", "composite" : false, "clientRole" : true, - "containerId" : "762c406f-67c2-4daf-9c86-86f5fb99d2ea", + "containerId" : "dd5cc8f7-9a4b-4214-8350-031d75b7a47b", "attributes" : { } }, { - "id" : "766da704-ac81-4e16-bbb1-fd5e35dad51f", - "name" : "query-clients", - "description" : "${role_query-clients}", + "id" : "967a14e0-7a10-4459-a324-bb40e17200eb", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", "composite" : false, "clientRole" : true, - "containerId" : "762c406f-67c2-4daf-9c86-86f5fb99d2ea", + "containerId" : "dd5cc8f7-9a4b-4214-8350-031d75b7a47b", "attributes" : { } }, { - "id" : "88d1c6fa-9385-4ba5-ba46-ff629bbd2d1c", + "id" : "1c7b876c-db24-4a7d-aff4-b8fa4bc41d00", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : false, + "clientRole" : true, + "containerId" : "dd5cc8f7-9a4b-4214-8350-031d75b7a47b", + "attributes" : { } + }, { + "id" : "aa9e45e9-572c-489e-b919-3b71e9121ad4", + "name" : "query-groups", + 
"description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "dd5cc8f7-9a4b-4214-8350-031d75b7a47b", + "attributes" : { } + }, { + "id" : "ff3c06b8-7be3-470d-9a2f-9b64c2e93c66", "name" : "view-users", "description" : "${role_view-users}", "composite" : true, "composites" : { "client" : { - "master-realm" : [ "query-groups", "query-users" ] + "master-realm" : [ "query-users", "query-groups" ] } }, "clientRole" : true, - "containerId" : "762c406f-67c2-4daf-9c86-86f5fb99d2ea", + "containerId" : "dd5cc8f7-9a4b-4214-8350-031d75b7a47b", "attributes" : { } }, { - "id" : "63080507-7535-40bf-9719-964bcdf07c64", - "name" : "impersonation", - "description" : "${role_impersonation}", + "id" : "a6f50191-c454-4ef1-8bb2-f464692a624a", + "name" : "manage-realm", + "description" : "${role_manage-realm}", "composite" : false, "clientRole" : true, - "containerId" : "762c406f-67c2-4daf-9c86-86f5fb99d2ea", + "containerId" : "dd5cc8f7-9a4b-4214-8350-031d75b7a47b", "attributes" : { } }, { - "id" : "f14a5392-0e38-4f98-b947-25927a543436", - "name" : "query-users", - "description" : "${role_query-users}", + "id" : "b0a8a4a7-9338-43a2-a614-3c5f99383457", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", "composite" : false, "clientRole" : true, - "containerId" : "762c406f-67c2-4daf-9c86-86f5fb99d2ea", + "containerId" : "dd5cc8f7-9a4b-4214-8350-031d75b7a47b", "attributes" : { } }, { - "id" : "d00e0a39-f6b1-4bc8-a0fd-c9b4f05f4cad", - "name" : "manage-clients", - "description" : "${role_manage-clients}", + "id" : "8bd374dc-be56-4c71-b57e-4b530398d15e", + "name" : "query-clients", + "description" : "${role_query-clients}", "composite" : false, "clientRole" : true, - "containerId" : "762c406f-67c2-4daf-9c86-86f5fb99d2ea", + "containerId" : "dd5cc8f7-9a4b-4214-8350-031d75b7a47b", "attributes" : { } }, { - "id" : "1a131a5a-693e-4ecb-8ef7-03d166907dec", - "name" : "manage-users", - "description" : 
"${role_manage-users}", + "id" : "8f0279f0-d492-40cc-9691-1261f8617f25", + "name" : "view-events", + "description" : "${role_view-events}", "composite" : false, "clientRole" : true, - "containerId" : "762c406f-67c2-4daf-9c86-86f5fb99d2ea", + "containerId" : "dd5cc8f7-9a4b-4214-8350-031d75b7a47b", "attributes" : { } }, { - "id" : "9b1a32a0-714a-4286-8d7e-63f73f688bbb", - "name" : "view-realm", - "description" : "${role_view-realm}", + "id" : "66ab543d-a34c-48c8-8898-fa7a042c5680", + "name" : "query-users", + "description" : "${role_query-users}", "composite" : false, "clientRole" : true, - "containerId" : "762c406f-67c2-4daf-9c86-86f5fb99d2ea", + "containerId" : "dd5cc8f7-9a4b-4214-8350-031d75b7a47b", "attributes" : { } }, { - "id" : "2e3ffc69-23b0-4a0d-a6f5-2034fa7b18db", - "name" : "query-realms", - "description" : "${role_query-realms}", + "id" : "3e7edba6-6090-46ef-bc9b-fb5315ccab98", + "name" : "manage-users", + "description" : "${role_manage-users}", "composite" : false, "clientRole" : true, - "containerId" : "762c406f-67c2-4daf-9c86-86f5fb99d2ea", + "containerId" : "dd5cc8f7-9a4b-4214-8350-031d75b7a47b", "attributes" : { } }, { - "id" : "8a7c33f2-20a3-4dad-b0a8-5c99b26b46cc", - "name" : "manage-authorization", - "description" : "${role_manage-authorization}", + "id" : "0e09b02b-9998-4916-8d7d-70db5dc30880", + "name" : "view-authorization", + "description" : "${role_view-authorization}", "composite" : false, "clientRole" : true, - "containerId" : "762c406f-67c2-4daf-9c86-86f5fb99d2ea", + "containerId" : "dd5cc8f7-9a4b-4214-8350-031d75b7a47b", "attributes" : { } }, { - "id" : "ab71eb2f-74e4-40ce-beca-4dba998fffaf", + "id" : "867fe27f-be37-4911-afad-6a180de53bbb", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "dd5cc8f7-9a4b-4214-8350-031d75b7a47b", + "attributes" : { } + }, { + "id" : "0095a6d2-c319-4f29-89bb-091b32f451e8", "name" : "view-clients", "description" : 
"${role_view-clients}", "composite" : true, 
@@ -388,51 +412,35 @@ } }, "clientRole" : true, - "containerId" : "762c406f-67c2-4daf-9c86-86f5fb99d2ea", + "containerId" : "dd5cc8f7-9a4b-4214-8350-031d75b7a47b", "attributes" : { } }, { - "id" : "500f2e72-eef4-4b26-909a-b21325c9e26b", - "name" : "manage-identity-providers", - "description" : "${role_manage-identity-providers}", - "composite" : false, - "clientRole" : true, - "containerId" : "762c406f-67c2-4daf-9c86-86f5fb99d2ea", - "attributes" : { } - }, { - "id" : "81cf0848-c7dd-45ba-9440-a4cd8bd7a648", - "name" : "view-authorization", - "description" : "${role_view-authorization}", + "id" : "d6ed41c4-f479-4e51-ba41-4fc731e9b342", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", "composite" : false, "clientRole" : true, - "containerId" : "762c406f-67c2-4daf-9c86-86f5fb99d2ea", + "containerId" : "dd5cc8f7-9a4b-4214-8350-031d75b7a47b", "attributes" : { } - }, { - "id" : "a711bcc4-3863-42b2-aa2e-cc875a868754", - "name" : "view-events", - "description" : "${role_view-events}", + } ], + "account" : [ { + "id" : "8c96ce46-e756-4e5d-aa44-9b36d711e2e7", + "name" : "manage-account-links", + "description" : "${role_manage-account-links}", "composite" : false, "clientRole" : true, - "containerId" : "762c406f-67c2-4daf-9c86-86f5fb99d2ea", + "containerId" : "5a130475-a295-4f80-8409-e4bbed8a6597", "attributes" : { } }, { - "id" : "62186eab-58c2-49ec-ac09-25c979467327", - "name" : "view-identity-providers", - "description" : "${role_view-identity-providers}", - "composite" : false, - "clientRole" : true, - "containerId" : "762c406f-67c2-4daf-9c86-86f5fb99d2ea", - "attributes" : { } - } ], - "account" : [ { - "id" : "6b1cb0a0-a3e7-46ee-8cef-9c721d36d627", - "name" : "delete-account", - "description" : "${role_delete-account}", + "id" : "429a43ed-ed55-4f8d-a8eb-a091a6d2c8ea", + "name" : "view-consent", + "description" : "${role_view-consent}", "composite" : false, "clientRole" : true, - "containerId" : "16dbe890-a414-4de5-a7e2-a1d59af3bc5e", 
+ "containerId" : "5a130475-a295-4f80-8409-e4bbed8a6597", "attributes" : { } }, { - "id" : "554beba2-ccec-4799-a996-2a018165253e", + "id" : "a5871971-ae30-4c8a-bb32-90d32ec4074c", "name" : "manage-account", "description" : "${role_manage-account}", "composite" : true, 
@@ -442,72 +450,64 @@ } }, "clientRole" : true, - "containerId" : "16dbe890-a414-4de5-a7e2-a1d59af3bc5e", + "containerId" : "5a130475-a295-4f80-8409-e4bbed8a6597", "attributes" : { } }, { - "id" : "ff04c74b-3afb-4ac9-8b09-f777367a8c1f", - "name" : "view-applications", - "description" : "${role_view-applications}", - "composite" : false, + "id" : "c61d18b8-3811-4773-911b-a136572adc5a", + "name" : "manage-consent", + "description" : "${role_manage-consent}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "view-consent" ] + } + }, "clientRole" : true, - "containerId" : "16dbe890-a414-4de5-a7e2-a1d59af3bc5e", + "containerId" : "5a130475-a295-4f80-8409-e4bbed8a6597", "attributes" : { } }, { - "id" : "26748dc1-5e14-4319-8905-1fd68d79877a", - "name" : "view-consent", - "description" : "${role_view-consent}", + "id" : "e1f1ebd1-0bb3-4a5c-8536-2632a556c18f", + "name" : "view-applications", + "description" : "${role_view-applications}", "composite" : false, "clientRole" : true, - "containerId" : "16dbe890-a414-4de5-a7e2-a1d59af3bc5e", + "containerId" : "5a130475-a295-4f80-8409-e4bbed8a6597", "attributes" : { } }, { - "id" : "58602ab9-53b1-41d8-8b01-986922626fa2", + "id" : "55039e08-2f7f-47e4-aee8-a75b485dccbf", "name" : "view-profile", "description" : "${role_view-profile}", "composite" : false, "clientRole" : true, - "containerId" : "16dbe890-a414-4de5-a7e2-a1d59af3bc5e", + "containerId" : "5a130475-a295-4f80-8409-e4bbed8a6597", "attributes" : { } }, { - "id" : "bf1ca38c-c645-4e14-9773-99282143ed5b", - "name" : "manage-consent", - "description" : "${role_manage-consent}", - "composite" : true, - "composites" : { - "client" : { - "account" : [ "view-consent" ] - } - }, + "id" : "dbe62966-fa00-454c-b23a-b80d8bb0c716", + "name" : "delete-account", + "description" : "${role_delete-account}", + "composite" : false, "clientRole" : true, - "containerId" : "16dbe890-a414-4de5-a7e2-a1d59af3bc5e", + "containerId" : "5a130475-a295-4f80-8409-e4bbed8a6597", 
"attributes" : { } }, { - "id" : "e9d3ac60-8f07-4c12-befe-0e1ba84c74d4", + "id" : "98b1ee09-2e24-4469-9e22-9cf957d8bc40", "name" : "view-groups", "description" : "${role_view-groups}", "composite" : false, "clientRole" : true, - "containerId" : "16dbe890-a414-4de5-a7e2-a1d59af3bc5e", - "attributes" : { } - }, { - "id" : "166c202e-11df-462e-b883-ee4cf419a280", - "name" : "manage-account-links", - "description" : "${role_manage-account-links}", - "composite" : false, - "clientRole" : true, - "containerId" : "16dbe890-a414-4de5-a7e2-a1d59af3bc5e", + "containerId" : "5a130475-a295-4f80-8409-e4bbed8a6597", "attributes" : { } } ] } }, "groups" : [ ], "defaultRole" : { - "id" : "e5bc5b15-a9f5-402b-b35e-c501283276aa", + "id" : "710056e9-b575-4653-8eaf-9eac15745275", "name" : "default-roles-master", "description" : "${role_default-roles}", "composite" : true, "clientRole" : false, - "containerId" : "c17805a5-afc5-43dd-9680-baf38a3d707b" + "containerId" : "f97baaf5-76d7-46af-b5bb-801270e825d1" }, "requiredCredentials" : [ "password" ], "otpPolicyType" : "totp", 
@@ -539,17 +539,17 @@ "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], "users" : [ { - "id" : "20a44f55-cf00-462b-8834-7d8ed57f58f5", - "createdTimestamp" : 1729858577840, + "id" : "27f2c259-d899-43a9-b73d-7082e2188af3", + "createdTimestamp" : 1730901376434, "username" : "admin", "enabled" : true, "totp" : false, "emailVerified" : false, "credentials" : [ { - "id" : "faa829a8-4fdd-44dd-87b5-8ccac65c7a0c", + "id" : "9b4d3996-ce0a-4604-9ab6-2e09fa8cccb9", "type" : "password", - "createdDate" : 1729858577909, - "secretData" : "{\"value\":\"nbvuEBfXpIX9VJLPSnTtRF4MCvD5MbplDk7Y6lG+f0k=\",\"salt\":\"lWKNqfDtFmQnnPRfTyiEnw==\",\"additionalParameters\":{}}", + "createdDate" : 1730901376538, + "secretData" : "{\"value\":\"BXWhLd9UUf12eXncXkubjAbS3kLuCxxYWFKfbXFxRkQ=\",\"salt\":\"N3lS2tiUuhDAFcqQ9SuJOw==\",\"additionalParameters\":{}}", "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" } ], "disableableCredentialTypes" : [ ], @@ -569,7 +569,7 @@ } ] }, "clients" : [ { - "id" : "aeda2bbd-bf3c-44b9-b374-1844a53a6fdb", + "id" : "974c8db9-cbaa-404a-85cf-8c76b5ca7854", "clientId" : "3TR-realm", "name" : "3TR Realm", "surrogateAuthRequired" : false, @@ -594,7 +594,7 @@ "defaultClientScopes" : [ ], "optionalClientScopes" : [ ] }, { - "id" : "16dbe890-a414-4de5-a7e2-a1d59af3bc5e", + "id" : "5a130475-a295-4f80-8409-e4bbed8a6597", "clientId" : "account", "name" : "${client_account}", "rootUrl" : "${authBaseUrl}", 
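Review bot: The regenerated master-realm `admin` entry in the `users` hunk (`@@ -539,17 +539,17 @@`) still commits the account's password verifier to the repository: `secretData` carries the hash value and salt, and `credentialData` records `pbkdf2-sha256` with `hashIterations` 27500. Anyone with read access to the repo can test guesses against it offline, and because `compose.test.yml` set `KC_ADMIN_PASSWORD=1234` until this commit, the password behind the new hash is presumably just as weak. If `keycloak/3TR.json` is meant only as a throwaway test fixture, state that where the file is imported (JSON has no comment syntax, so in the compose file or README) and keep it out of any shared or production Keycloak; otherwise export the realm without `users` and provision the admin account from a secret at deploy time. The `users` array starts and ends outside this hunk, so other accounts in the export may need the same check.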
@@ -621,10 +621,10 @@ "authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : false, "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { - "id" : "2983c186-3e0e-422b-819d-13e5e3311771", + "id" : "de614db7-9214-4e0c-b292-491abc3688cc", "clientId" : "account-console", "name" : "${client_account-console}", "rootUrl" : "${authBaseUrl}", @@ -653,17 +653,17 @@ "fullScopeAllowed" : false, "nodeReRegistrationTimeout" : 0, "protocolMappers" : [ { - "id" : "6b4f6722-929f-4e5b-b8d1-6ff36adfb375", + "id" : "63ba5139-fb33-4d44-a21b-9ea78bab046b", "name" : "audience resolve", "protocol" : "openid-connect", "protocolMapper" : "oidc-audience-resolve-mapper", "consentRequired" : false, "config" : { } } ], - "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { - "id" : "89c393a6-bf75-41e2-93f3-4bc8b83facf0", + "id" : "c4e8fd00-2351-431d-a944-3dab6e85a3dd", "clientId" : "admin-cli", "name" : "${client_admin-cli}", "surrogateAuthRequired" : false, @@ -686,10 +686,10 @@ "authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : false, "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { - "id" : "8a7961b4-559e-4ca4-8ec0-b08a0fb325fd", + "id" : "4da78ed6-892a-4770-9025-e352f155cf11", "clientId" : "broker", "name" : "${client_broker}", "surrogateAuthRequired" : false, 
@@ -712,10 +712,10 @@ "authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : false, "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { - "id" : "762c406f-67c2-4daf-9c86-86f5fb99d2ea", + "id" : "dd5cc8f7-9a4b-4214-8350-031d75b7a47b", "clientId" : "master-realm", "name" : "master Realm", "surrogateAuthRequired" : false, @@ -737,10 +737,10 @@ "authenticationFlowBindingOverrides" : { }, "fullScopeAllowed" : false, "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] }, { - "id" : "0bd00a0f-53a0-47b6-b6dc-4c3a984f28d0", + "id" : "88a4cf3f-8886-47c3-9444-2e1e03ff6da1", "clientId" : "security-admin-console", "name" : "${client_security-admin-console}", "rootUrl" : "${authAdminUrl}", @@ -769,7 +769,7 @@ "fullScopeAllowed" : false, "nodeReRegistrationTimeout" : 0, "protocolMappers" : [ { - "id" : "77170871-94b9-4de1-90e5-6f608dcbe0df", + "id" : "5c15731b-7779-4154-a1f3-57f21b6ecbcd", "name" : "locale", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", 
@@ -783,52 +783,49 @@ "jsonType.label" : "String" } } ], - "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ], + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] } ], "clientScopes" : [ { - "id" : "b0eab430-6d64-4e2a-b569-6a00283db5a2", - "name" : "role_list", - "description" : "SAML role list", - "protocol" : "saml", + "id" : "544304b5-aa0f-4b84-843a-6e25bbd5dc3e", + "name" : "microprofile-jwt", + "description" : "Microprofile - JWT built-in scope", + "protocol" : "openid-connect", "attributes" : { - "consent.screen.text" : "${samlRoleListScopeConsentText}", - "display.on.consent.screen" : "true" + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false" }, "protocolMappers" : [ { - "id" : "3eb3f8d8-0e5a-4574-88e0-c13c0caa1491", - "name" : "role list", - "protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", + "id" : "db6b8d9e-b9de-42ba-ae46-6eb518b4f486", + "name" : "upn", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { - "single" : "false", - "attribute.nameformat" : "Basic", - "attribute.name" : "Role" + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "upn", + "jsonType.label" : "String" } - } ] - }, { - "id" : "fbd541fa-1689-43b4-982b-b81b6b747e63", - "name" : "acr", - "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "false" - }, - "protocolMappers" : [ { - "id" : "5492a959-6313-4f76-88f4-f62679dd5582", - "name" : "acr loa level", + }, { + "id" : "17995969-4cf8-4439-9d84-ca4aacb42b61", + "name" : "groups", "protocol" : "openid-connect", - 
"protocolMapper" : "oidc-acr-mapper", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", "consentRequired" : false, "config" : { + "multivalued" : "true", + "user.attribute" : "foo", "id.token.claim" : "true", - "access.token.claim" : "true" + "access.token.claim" : "true", + "claim.name" : "groups", + "jsonType.label" : "String" } } ] }, { - "id" : "9d4047c2-b546-4547-9c05-347c4eb20fcc", + "id" : "31831664-6dc5-4107-8cf0-a09d712f0e4f", "name" : "offline_access", "description" : "OpenID Connect built-in scope: offline_access", "protocol" : "openid-connect", 
@@ -837,35 +834,64 @@ "display.on.consent.screen" : "true" } }, { - "id" : "ddc8ae5c-53f4-46ef-a096-d38a8f6607e5", - "name" : "address", - "description" : "OpenID Connect built-in scope: address", + "id" : "29aaceb1-62b7-4721-8b91-4d67e39e2446", + "name" : "web-origins", + "description" : "OpenID Connect scope for add allowed web origins to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false", + "consent.screen.text" : "" + }, + "protocolMappers" : [ { + "id" : "34cf11dc-ff3e-45ad-8949-917dc82d71a3", + "name" : "allowed web origins", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-allowed-origins-mapper", + "consentRequired" : false, + "config" : { } + } ] + }, { + "id" : "c3fdd2cf-71d8-4744-bfa0-782c1c0de3ca", + "name" : "phone", + "description" : "OpenID Connect built-in scope: phone", "protocol" : "openid-connect", "attributes" : { "include.in.token.scope" : "true", "display.on.consent.screen" : "true", - "consent.screen.text" : "${addressScopeConsentText}" + "consent.screen.text" : "${phoneScopeConsentText}" }, "protocolMappers" : [ { - "id" : "be606f85-50e3-4d1c-ba0c-ee5ea50774ec", - "name" : "address", + "id" : "2fcbbc6c-307c-4d2b-968b-db0e236456a0", + "name" : "phone number", "protocol" : "openid-connect", - "protocolMapper" : "oidc-address-mapper", + "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { - "user.attribute.formatted" : "formatted", - "user.attribute.country" : "country", - "user.attribute.postal_code" : "postal_code", "userinfo.token.claim" : "true", - "user.attribute.street" : "street", + "user.attribute" : "phoneNumber", "id.token.claim" : "true", - "user.attribute.region" : "region", "access.token.claim" : "true", - "user.attribute.locality" : "locality" + "claim.name" : "phone_number", + "jsonType.label" : "String" + } + }, { + "id" : "8de857db-daae-487b-8f7b-e03a49e8e118", + "name" : "phone 
number verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumberVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number_verified", + "jsonType.label" : "boolean" } } ] }, { - "id" : "4fd334d9-00d0-4d41-b95e-0c9aa37a4135", + "id" : "0d114256-5171-4710-ae2f-04b8ec6bd6c9", "name" : "email", "description" : "OpenID Connect built-in scope: email", "protocol" : "openid-connect", 
@@ -875,80 +901,77 @@ "consent.screen.text" : "${emailScopeConsentText}" }, "protocolMappers" : [ { - "id" : "40882f8c-e34d-4b0c-b8f2-860af85e64c7", - "name" : "email", + "id" : "7d2a2e44-0f85-4244-b474-ee8e0ec85e7b", + "name" : "email verified", "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", + "protocolMapper" : "oidc-usermodel-property-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "email", + "user.attribute" : "emailVerified", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "email", - "jsonType.label" : "String" + "claim.name" : "email_verified", + "jsonType.label" : "boolean" } }, { - "id" : "ddaae589-ed76-4dc0-89ae-099d4b3392ce", - "name" : "email verified", + "id" : "8561e049-355e-432c-8b8e-034ced7998fd", + "name" : "email", "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-property-mapper", + "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "emailVerified", + "user.attribute" : "email", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "email_verified", - "jsonType.label" : "boolean" + "claim.name" : "email", + "jsonType.label" : "String" } } ] }, { - "id" : "dc9eb379-ec73-4760-b320-153bb6388377", - "name" : "roles", - "description" : "OpenID Connect scope for add user roles to the access token", + "id" : "e13fbdc6-960e-4e7f-a094-7278e14f6cc5", + "name" : "acr", + "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", "protocol" : "openid-connect", "attributes" : { "include.in.token.scope" : "false", - "display.on.consent.screen" : "true", - "consent.screen.text" : "${rolesScopeConsentText}" + "display.on.consent.screen" : "false" }, "protocolMappers" : [ { - "id" : "993ad648-c235-4e73-b92d-6acc2b7a8c03", - "name" : "realm roles", + "id" : 
"1b93c1b4-4375-4384-b067-3415a47a7558", + "name" : "acr loa level", "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "protocolMapper" : "oidc-acr-mapper", "consentRequired" : false, "config" : { - "user.attribute" : "foo", - "access.token.claim" : "true", - "claim.name" : "realm_access.roles", - "jsonType.label" : "String", - "multivalued" : "true" + "id.token.claim" : "true", + "access.token.claim" : "true" } - }, { - "id" : "87311d3b-2ffa-4d8e-9e82-aaf90e3baf12", - "name" : "audience resolve", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-audience-resolve-mapper", - "consentRequired" : false, - "config" : { } - }, { - "id" : "0b8d45ef-cae3-4163-890f-d24e7938e60b", - "name" : "client roles", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-client-role-mapper", + } ] + }, { + "id" : "39a2d868-670d-411b-9390-d82e1e622aab", + "name" : "role_list", + "description" : "SAML role list", + "protocol" : "saml", + "attributes" : { + "consent.screen.text" : "${samlRoleListScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "20965588-9158-4560-9bc8-5dd21bb4734d", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", "consentRequired" : false, "config" : { - "user.attribute" : "foo", - "access.token.claim" : "true", - "claim.name" : "resource_access.${client_id}.roles", - "jsonType.label" : "String", - "multivalued" : "true" + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" } } ] }, { - "id" : "ae368b7d-ad89-4430-ba40-74cdffaa2323", + "id" : "6beaa1fb-b729-4c87-b6ea-cba92fc556bf", "name" : "profile", "description" : "OpenID Connect built-in scope: profile", "protocol" : "openid-connect", 
@@ -958,292 +981,269 @@ "consent.screen.text" : "${profileScopeConsentText}" }, "protocolMappers" : [ { - "id" : "01bb741c-f07f-4a22-9b7f-439251894f2b", - "name" : "nickname", + "id" : "8876bd2f-9e08-44a8-adf1-ffb30ddf4fd7", + "name" : "website", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "nickname", + "user.attribute" : "website", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "nickname", + "claim.name" : "website", "jsonType.label" : "String" } }, { - "id" : "f37cf59e-477a-411b-9036-c3126a71ec5a", - "name" : "picture", + "id" : "0f760da3-2f26-468a-896e-89c125d47cbd", + "name" : "birthdate", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "picture", + "user.attribute" : "birthdate", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "picture", + "claim.name" : "birthdate", "jsonType.label" : "String" } }, { - "id" : "2a3518b7-535b-4c2d-a0c7-2a00cb9616b6", - "name" : "locale", + "id" : "9885f87e-282b-44a0-8183-15689ed1b673", + "name" : "updated at", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "locale", + "user.attribute" : "updatedAt", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "locale", - "jsonType.label" : "String" + "claim.name" : "updated_at", + "jsonType.label" : "long" } }, { - "id" : "9ddc33b6-2c64-475c-8509-9636ea95b046", - "name" : "full name", + "id" : "3f51cb10-f2c7-494c-9d33-511567d3c979", + "name" : "given name", "protocol" : "openid-connect", - "protocolMapper" : "oidc-full-name-mapper", + "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, 
"config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", "id.token.claim" : "true", "access.token.claim" : "true", - "userinfo.token.claim" : "true" + "claim.name" : "given_name", + "jsonType.label" : "String" } }, { - "id" : "ce45052b-fcd1-4702-b173-a04cd13fb019", - "name" : "birthdate", + "id" : "bf1c399a-a8a4-49ff-ba78-fd4e4f7a9180", + "name" : "picture", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "birthdate", + "user.attribute" : "picture", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "birthdate", + "claim.name" : "picture", "jsonType.label" : "String" } }, { - "id" : "6c77b0b4-3913-4b36-9d0f-937e751ee2bf", - "name" : "username", + "id" : "85e72a9b-54f8-4f16-91e1-e3e89473d166", + "name" : "locale", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "username", + "user.attribute" : "locale", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "preferred_username", + "claim.name" : "locale", "jsonType.label" : "String" } }, { - "id" : "0ae5d250-0e5f-417e-a96f-49064a233d5f", - "name" : "website", + "id" : "86559fbb-1804-4698-bea6-04a9cab967b8", + "name" : "gender", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "website", + "user.attribute" : "gender", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "website", + "claim.name" : "gender", "jsonType.label" : "String" } }, { - "id" : "5abd4c42-63cf-4c91-95bd-eb77f78819bb", - "name" : "middle name", + "id" : "5f630602-ef17-4ac3-a179-4411767e6f2c", + "name" : "nickname", "protocol" : "openid-connect", "protocolMapper" : 
"oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "middleName", + "user.attribute" : "nickname", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "middle_name", + "claim.name" : "nickname", "jsonType.label" : "String" } }, { - "id" : "6f3a292a-a7ad-474c-804a-fc378b648385", - "name" : "profile", + "id" : "bfa6373c-3300-459a-9f97-79e7cb5c589e", + "name" : "family name", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "profile", + "user.attribute" : "lastName", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "profile", + "claim.name" : "family_name", "jsonType.label" : "String" } }, { - "id" : "bc82dd77-43a2-4368-b207-998664f7fef0", - "name" : "gender", + "id" : "820fc2e3-cb11-4911-830c-083398ba6d77", + "name" : "full name", "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", + "protocolMapper" : "oidc-full-name-mapper", "consentRequired" : false, "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "gender", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "gender", - "jsonType.label" : "String" + "userinfo.token.claim" : "true" } }, { - "id" : "b009c1d6-df3c-42a7-822f-c1afe4630696", - "name" : "family name", + "id" : "954115f4-4141-48c4-af89-2317e359b0cd", + "name" : "middle name", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "lastName", + "user.attribute" : "middleName", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "family_name", + "claim.name" : "middle_name", "jsonType.label" : "String" } }, { - "id" : "6c455828-e11e-4a29-b7e8-80f90a55a4c5", - "name" : "updated at", + 
"id" : "7eff74f6-61d0-445f-b7d9-d69f2998631d", + "name" : "username", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "updatedAt", + "user.attribute" : "username", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "updated_at", - "jsonType.label" : "long" + "claim.name" : "preferred_username", + "jsonType.label" : "String" } }, { - "id" : "4a52eabe-e0dc-450a-9a4f-18d0a260b355", - "name" : "given name", + "id" : "4c145629-a4b4-467f-9890-cf994fa15d6f", + "name" : "zoneinfo", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "firstName", + "user.attribute" : "zoneinfo", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "given_name", + "claim.name" : "zoneinfo", "jsonType.label" : "String" } }, { - "id" : "ac72fa74-149c-4288-9fe4-f124e2eb97be", - "name" : "zoneinfo", + "id" : "adb53a97-723e-4052-8eba-86b9c75107ca", + "name" : "profile", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-attribute-mapper", "consentRequired" : false, "config" : { "userinfo.token.claim" : "true", - "user.attribute" : "zoneinfo", + "user.attribute" : "profile", "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "zoneinfo", + "claim.name" : "profile", "jsonType.label" : "String" } } ] }, { - "id" : "20f494e9-170c-40e2-a5b0-8eb8a4cbe07d", - "name" : "web-origins", - "description" : "OpenID Connect scope for add allowed web origins to the access token", - "protocol" : "openid-connect", - "attributes" : { - "include.in.token.scope" : "false", - "display.on.consent.screen" : "false", - "consent.screen.text" : "" - }, - "protocolMappers" : [ { - "id" : "cee3f724-1742-478a-9086-8a4c36ec6aab", - "name" : "allowed web origins", - "protocol" : 
"openid-connect", - "protocolMapper" : "oidc-allowed-origins-mapper", - "consentRequired" : false, - "config" : { } - } ] - }, { - "id" : "b67b494a-dd48-4d4b-8bbc-64569f943686", - "name" : "phone", - "description" : "OpenID Connect built-in scope: phone", + "id" : "9c6fce98-d35c-440f-acde-646d83b59e3d", + "name" : "address", + "description" : "OpenID Connect built-in scope: address", "protocol" : "openid-connect", "attributes" : { "include.in.token.scope" : "true", "display.on.consent.screen" : "true", - "consent.screen.text" : "${phoneScopeConsentText}" + "consent.screen.text" : "${addressScopeConsentText}" }, "protocolMappers" : [ { - "id" : "bcfe6ac6-74a2-4da5-b89c-5eeba0a4b8d1", - "name" : "phone number", - "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", - "consentRequired" : false, - "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "phoneNumber", - "id.token.claim" : "true", - "access.token.claim" : "true", - "claim.name" : "phone_number", - "jsonType.label" : "String" - } - }, { - "id" : "6b728bc5-299b-4755-a201-3625d5ac979f", - "name" : "phone number verified", + "id" : "55bf15c8-95b1-406a-955e-9b8cdb01b8a3", + "name" : "address", "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", + "protocolMapper" : "oidc-address-mapper", "consentRequired" : false, "config" : { + "user.attribute.formatted" : "formatted", + "user.attribute.country" : "country", + "user.attribute.postal_code" : "postal_code", "userinfo.token.claim" : "true", - "user.attribute" : "phoneNumberVerified", + "user.attribute.street" : "street", "id.token.claim" : "true", + "user.attribute.region" : "region", "access.token.claim" : "true", - "claim.name" : "phone_number_verified", - "jsonType.label" : "boolean" + "user.attribute.locality" : "locality" } } ] }, { - "id" : "cad3163b-a8cd-4ca3-ae24-aea3511dc37d", - "name" : "microprofile-jwt", - "description" : "Microprofile - JWT built-in scope", + "id" : 
"4f06f033-7d80-4dd9-b076-49d033efb1d3", + "name" : "roles", + "description" : "OpenID Connect scope for add user roles to the access token", "protocol" : "openid-connect", "attributes" : { - "include.in.token.scope" : "true", - "display.on.consent.screen" : "false" + "include.in.token.scope" : "false", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${rolesScopeConsentText}" }, "protocolMappers" : [ { - "id" : "92aa7a91-dd44-4df0-8071-3ad34ff5fadf", - "name" : "groups", + "id" : "addeaeba-1c67-443b-899f-89669035d607", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + }, { + "id" : "c08fa126-bf68-4843-a7ab-e05c7320a9f6", + "name" : "realm roles", "protocol" : "openid-connect", "protocolMapper" : "oidc-usermodel-realm-role-mapper", "consentRequired" : false, "config" : { - "multivalued" : "true", "user.attribute" : "foo", - "id.token.claim" : "true", "access.token.claim" : "true", - "claim.name" : "groups", - "jsonType.label" : "String" + "claim.name" : "realm_access.roles", + "jsonType.label" : "String", + "multivalued" : "true" } }, { - "id" : "5ddfd742-98c3-4b07-8020-7ca5adf14ce3", - "name" : "upn", + "id" : "1b8bb890-a4ca-4ca6-917d-c18fc54a4be4", + "name" : "client roles", "protocol" : "openid-connect", - "protocolMapper" : "oidc-usermodel-attribute-mapper", + "protocolMapper" : "oidc-usermodel-client-role-mapper", "consentRequired" : false, "config" : { - "userinfo.token.claim" : "true", - "user.attribute" : "username", - "id.token.claim" : "true", + "user.attribute" : "foo", "access.token.claim" : "true", - "claim.name" : "upn", - "jsonType.label" : "String" + "claim.name" : "resource_access.${client_id}.roles", + "jsonType.label" : "String", + "multivalued" : "true" } } ] } ], 
@@ -1269,41 +1269,48 @@ "identityProviderMappers" : [ ], "components" : { "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { - "id" : "d99f7318-7580-47b6-8b36-a27c4d3f8bf8", + "id" : "c6dab089-f716-4547-9d48-f9f41041235e", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "30b16a1e-9f55-4782-a3d4-c260cb725eb0", "name" : "Allowed Protocol Mapper Types", "providerId" : "allowed-protocol-mappers", - "subType" : "authenticated", + "subType" : "anonymous", "subComponents" : { }, "config" : { - "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "saml-user-property-mapper", "saml-role-list-mapper", "oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper", "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper" ] + "allowed-protocol-mapper-types" : [ "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-attribute-mapper", "oidc-address-mapper", "saml-role-list-mapper", "oidc-full-name-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "saml-user-property-mapper" ] } }, { - "id" : "ccc92fcd-7716-49e8-b308-9fa03815d9d2", - "name" : "Max Clients Limit", - "providerId" : "max-clients", - "subType" : "anonymous", + "id" : "b9b78dc9-17d1-4267-bf50-1abdd5eba2ec", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "authenticated", "subComponents" : { }, "config" : { - "max-clients" : [ "200" ] + "allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper", "oidc-full-name-mapper", "saml-user-property-mapper", "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper", "oidc-address-mapper" ] } }, { - "id" : "080bbf25-1d6d-4a92-81b5-6bae2dca3802", - "name" : "Full Scope Disabled", - "providerId" : "scope", + "id" : "c6f16c72-f4d7-4f89-9960-fefe7b787019", + "name" : 
"Consent Required", + "providerId" : "consent-required", "subType" : "anonymous", "subComponents" : { }, "config" : { } }, { - "id" : "7e1b1513-a5d6-491a-985f-525a2095a428", - "name" : "Allowed Client Scopes", - "providerId" : "allowed-client-templates", - "subType" : "authenticated", + "id" : "a12787d9-bd90-4055-a2c9-a45fb7fc1d52", + "name" : "Max Clients Limit", + "providerId" : "max-clients", + "subType" : "anonymous", "subComponents" : { }, "config" : { - "allow-default-scopes" : [ "true" ] + "max-clients" : [ "200" ] } }, { - "id" : "222787ea-8d69-40eb-bdf6-8ca908b08d50", + "id" : "64eb5f01-e833-49a6-84fa-cac6ae9ffde1", "name" : "Allowed Client Scopes", "providerId" : "allowed-client-templates", "subType" : "anonymous", @@ -1312,7 +1319,7 @@ "allow-default-scopes" : [ "true" ] } }, { - "id" : "0e5b42b9-8a88-4875-a5b0-6b92060d1c0c", + "id" : "1875a1aa-1fef-4502-b4be-33755eb49bc1", "name" : "Trusted Hosts", "providerId" : "trusted-hosts", "subType" : "anonymous", 
@@ -1322,63 +1329,56 @@ "client-uris-must-match" : [ "true" ] } }, { - "id" : "a1f29bd0-93cf-45a1-9886-ab9b8c6889dd", - "name" : "Consent Required", - "providerId" : "consent-required", - "subType" : "anonymous", - "subComponents" : { }, - "config" : { } - }, { - "id" : "48b19a55-b710-42df-bda1-e49dcbf93e91", - "name" : "Allowed Protocol Mapper Types", - "providerId" : "allowed-protocol-mappers", - "subType" : "anonymous", + "id" : "b48852f9-9f80-41a8-adf0-9721cf16efb0", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "authenticated", "subComponents" : { }, "config" : { - "allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper", "oidc-full-name-mapper", "saml-role-list-mapper", "oidc-usermodel-property-mapper", "saml-user-property-mapper", "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper" ] + "allow-default-scopes" : [ "true" ] } } ], "org.keycloak.keys.KeyProvider" : [ { - "id" : "89329efb-97a6-4dc7-ab9c-6d2249218387", - "name" : "hmac-generated", - "providerId" : "hmac-generated", + "id" : "fcad5686-984b-4714-9eb0-b57805590b31", + "name" : "aes-generated", + "providerId" : "aes-generated", "subComponents" : { }, "config" : { - "kid" : [ "010dfc53-f3a7-463e-9342-2bf1d5bc29fe" ], - "secret" : [ "t7-hMDpihf8KU4SFgvi0vdh6Lri6Ocme_4k0JKIuZz-FSMjhTLf3FB_X5PqVt9xEH7ILUXrNzPsCmWI839zppg" ], - "priority" : [ "100" ], - "algorithm" : [ "HS256" ] + "kid" : [ "9ad60120-b074-4143-a4af-0be0b15b3c15" ], + "secret" : [ "AKfQmPqtyXDDf2FvhRK91g" ], + "priority" : [ "100" ] } }, { - "id" : "f99f7648-b448-450d-a1bb-5b6406c2a542", + "id" : "7adb2588-b5cb-4326-a6b6-598c801e21fa", "name" : "rsa-generated", "providerId" : "rsa-generated", "subComponents" : { }, "config" : { - "privateKey" : [ "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" ], + "privateKey" : [ "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" ], "keyUse" : [ "SIG" ], - "certificate" : [ 
"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" ], + "certificate" : [ "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" ], "priority" : [ "100" ] } }, { - "id" : "ff1bd561-7680-4683-8be6-eac2bc649544", - "name" : "aes-generated", - "providerId" : "aes-generated", + "id" : "c6475ee2-b293-48d5-aebd-177aeeb8fdfd", + "name" : "hmac-generated", + "providerId" : "hmac-generated", "subComponents" : { }, "config" : { - "kid" : [ "fb011f7a-4233-4260-9d0e-bf374257a742" ], - "secret" : [ "0cX7jfLJJ4OwKriWDE82nw" ], - "priority" : [ "100" ] + "kid" : [ "264d7676-0c52-435a-9398-97d4a068aafd" ], + "secret" : [ "KEkTnbbosq0mflHHdmQOTVgtoZ6__YFy606sHhgEGbozEb3TySMxHc9YWVjjN5CcH_WXVaKTJa5y4kWIV_GMjA" ], + "priority" : [ "100" ], + "algorithm" : [ "HS256" ] } }, { - "id" : "48dfe311-93b1-46b4-9bbc-209044e4e135", + "id" : "7abf5d44-fb54-4aab-a597-b93d1a06752e", "name" : "rsa-enc-generated", "providerId" : "rsa-enc-generated", "subComponents" : { }, "config" : { - "privateKey" : [ "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" ], + "privateKey" : [ 
"MIIEowIBAAKCAQEAwfFfa5U9C8cidR3SGsDdiV0ypnT+qpom7hN0HcFQ8aZ/+DG/TEqPDlw6NcvHKJQUjxN50cyusCWD0r/1i+VFCbRSrREbtp9IjWEBzg1bzPIw9LgJdCp8Iw7aGbTrlgL5of1bCfMkp3FtkQs7mHolclTuafbg8xtpzPsK/0WzER6mRUk5l+n0fj1jE7TdzxfaidhnTL/LckXxjxYnID1OctFT1vheIebRBuPh5qIoxe4v+m6MogWLTTFHG5qm6XuQ43/qh+qZdslPuf4gqcfNlWxCTO5qZ3a8jHy/vKC/ZclDsqyy9Mui9xwpA5fbfnnwlFp7H3XiXlYb+vTew+TbswIDAQABAoIBACWTV+r2p7Sz+MubIv1295UpHuqcSUkRg9BlqX4oWb/wA+Q48zjbSzs7iDWrDSOiCRetbNFGqGPNaOx4r6DSo10deFU6ttVbqAloTZq4ANzE4dJQI9jDcHi0ZHJNmMVgPzBw72YOmz/r3JAZDotcwwuTQ/v4zp2bZpTF4NwTi32ZzbyMJ5TN+7lxajwfX6LDKfx+lINAxL5+XjShDSlLjsnGUgjMTG9k1VZpjGZM/4p9bPV5onk23y1bPEE+HisFFJKsWz+m9Xmzuy86q07h+rv8F/oZbcuAiTwT38YMHoMTHCPnxSEK3kNLbRTkVNRSQXrgP4rzJQSyUuDuqXJ8NPkCgYEA5AeRa+ADVC8z9/tZ3BvuCC5a9aTwT+B+UgB55r2iwSRj/20O6Il/jhH0aF94G2iiXaIQoUmUgwwol/ylg1xi0TQs6+fWypjJUB2rb0g719uivEDSnGmlqXzwATxDpNpHj/NID1uFyS3Ohq23SGa3Gq7B+evFfocsLkRSAt4VU8kCgYEA2btv2EN8xJc7bNvHOmQf22BeJKb31fz/ALR/pYnLDHU5wCJKsX25b1jrGn1tqB+73rTGZaCxddjZ9SmI6fzJPX9NEZjYZljUV1V6h/p8VRcRTyn4OMm+OpMr7o7NK38vf+Re+6rvMM9ZDt5C2NvCRme5IzxIuwWUIKLWOQKomZsCgYEA4X8ebsg7Yn+/a6azaThxfsOgjbTLNKJzKNJxuh2kGk3LWadWi9yVOEBHKwPl+WzSy7ddrLHf3GwkpJBiePHegrWPCsbcoMLQqZp9kvGixEbduj58R9Mt0NrNWNtopVh6Vj8l7pH6TkUvK/4T9tQklI1nI6flSMeRiDtlwpIuEwkCgYBtq/crVNsc3xxkudOBevt88e6ZwaymkfgUb9a4GE85qDZ9rAg5nR1xk7Vgs3svq0RjamVgvW+F78PhtJktW1I2cs/sJDQkYWwbzYeZxLcp2SOz320TlbMHKCiB0lZQKZFQd0TMuY4f5OF0FspPF2qlMgvUTsJHygiR49PKBafNLwKBgA6XWu4y13wH/eojqUDiiiJb0dqP7TciT8m4K5CQwGS4ZkzR0SD8hy0o4xVRqTGtsEEBs5m3mnpHhsQUb8olJ5YpPP2k7Q0Pap3uK70TS4A9orgpbVnGU+ltvVxMXXTgHCA+ZHXiMcplcddKdhM5Ub63LeLpdFMpwkxrjTQ7wOyR" ], "keyUse" : [ "ENC" ], - "certificate" : [ "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" ], + "certificate" : [ 
"MIICmzCCAYMCBgGTAcLzAzANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZtYXN0ZXIwHhcNMjQxMTA2MTM1NDMzWhcNMzQxMTA2MTM1NjEzWjARMQ8wDQYDVQQDDAZtYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB8V9rlT0LxyJ1HdIawN2JXTKmdP6qmibuE3QdwVDxpn/4Mb9MSo8OXDo1y8colBSPE3nRzK6wJYPSv/WL5UUJtFKtERu2n0iNYQHODVvM8jD0uAl0KnwjDtoZtOuWAvmh/VsJ8ySncW2RCzuYeiVyVO5p9uDzG2nM+wr/RbMRHqZFSTmX6fR+PWMTtN3PF9qJ2GdMv8tyRfGPFicgPU5y0VPW+F4h5tEG4+HmoijF7i/6boyiBYtNMUcbmqbpe5Djf+qH6pl2yU+5/iCpx82VbEJM7mpndryMfL+8oL9lyUOyrLL0y6L3HCkDl9t+efCUWnsfdeJeVhv69N7D5NuzAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAAIBEa4NwcPHpmwy9K2lCVKhstINf4NWeapcHrJC0dMfUakjY51kHSl2d7qALP7x/UsAiUDH5qeXQZ5hO3xDLddKFSRTBqeskEdopP3QOyK5idVtAXsskFR9s2tOOtI/V2fo7FRsDs14qEBa3UBs2WGff2nU/m55WUrqxbdVz7h/UYK9bNAXBWh17PQVYnADyzQewfTzum8qiIEH47T9611NsjogAaFBamLIGGKrNwePT3dGxyA94sps/7Pl1GV9BhCUFbddJCYZ7ZITBXDsAbs19Eww4VxCLm0I98a7iLQIhYLJV6RM7ScOeeNkAHiZX2KloX+oAHAWNmYqSiptLVw=" ], "priority" : [ "100" ], "algorithm" : [ "RSA-OAEP" ] } @@ -1387,7 +1387,7 @@ "internationalizationEnabled" : false, "supportedLocales" : [ ], "authenticationFlows" : [ { - "id" : "7c855eed-d07d-4a8b-9635-084fa525266d", + "id" : "6c15a03c-47c9-4d1e-9f22-aea420e2a128", "alias" : "Account verification options", "description" : "Method with which to verity the existing account", "providerId" : "basic-flow", @@ -1409,7 +1409,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "2f6b5596-ce66-43bd-a4b3-9c9d2e8305ee", + "id" : "3828f68e-360e-430d-b71b-41d1c4fcd356", "alias" : "Browser - Conditional OTP", "description" : "Flow to determine if the OTP is required for the authentication", "providerId" : "basic-flow", @@ -1431,7 +1431,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "bca473e4-0005-461b-b22f-cadb14b28066", + "id" : "c068f3da-94f6-4984-802b-bf2149e1864e", "alias" : "Direct Grant - Conditional OTP", "description" : "Flow to determine if the OTP is required for the authentication", "providerId" : "basic-flow", 
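Review bot: The new side of the `org.keycloak.keys.KeyProvider` components commits live key material: a `secret` for `aes-generated` and `hmac-generated`, and a full `privateKey` for `rsa-enc-generated` (the `rsa-generated` value is elided on this page but sits in the same field). Anyone who can read the repository can sign or decrypt tokens for any instance that imports this file unchanged, so the export should be treated as test-only and labelled as such next to the file. A cleaner option is to drop the `KeyProvider` entry from `components` so that Keycloak generates keys at import; I would expect it to do that, but it should be confirmed on the version in use, and any pinned `KC_PUBLIC_KEY` for the affected realm would then have to be read from the running realm. The credential hunk at -2341 has the same problem with `secretData`, a salted password hash for a fixture user.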
@@ -1453,7 +1453,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "9a30bc03-1771-422c-b48b-3a3a9140c1fd", + "id" : "033a0c20-6fdc-476d-bd82-eeb7f05ed158", "alias" : "First broker login - Conditional OTP", "description" : "Flow to determine if the OTP is required for the authentication", "providerId" : "basic-flow", @@ -1475,7 +1475,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "bc2a8484-cf14-4f13-aea2-4b51d084c85a", + "id" : "d3d4b11c-677c-4da8-a889-8ea164236e95", "alias" : "Handle Existing Account", "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId" : "basic-flow", @@ -1497,7 +1497,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "c8a00021-54f6-4722-b5c5-306cc94fc881", + "id" : "52d13370-987e-42bd-95b8-ba4f3e915edb", "alias" : "Reset - Conditional OTP", "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", "providerId" : "basic-flow", @@ -1519,7 +1519,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "ae55f464-69c8-47e0-9cef-ab3c2cd11852", + "id" : "5f6cc440-088a-46ff-a6ef-250abc2e3d8b", "alias" : "User creation or linking", "description" : "Flow for the existing/non-existing user alternatives", "providerId" : "basic-flow", @@ -1542,7 +1542,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "94900162-9650-466b-b2ad-5a35f9341964", + "id" : "20dff287-942b-48dc-9bb9-38f9a3176de2", "alias" : "Verify Existing Account by Re-authentication", "description" : "Reauthentication of existing account", "providerId" : "basic-flow", @@ -1564,7 +1564,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "4fb3f0d0-6ea2-4e7d-b32a-39cb3aeb2dc8", + "id" : "282ae44a-4c5c-4049-acb2-a9487930fe79", "alias" : "browser", "description" : "browser based authentication", "providerId" : "basic-flow", 
@@ -1600,7 +1600,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "2bc6cb53-3b6c-4efa-a331-8d33f26cd573", + "id" : "2c3c79c8-d464-4512-b30a-44de335d6118", "alias" : "clients", "description" : "Base authentication for clients", "providerId" : "client-flow", @@ -1636,7 +1636,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "e96f4f56-1759-4268-a10d-7d04ff78a68b", + "id" : "f465b7e9-4fe5-4260-856c-5612cba14910", "alias" : "direct grant", "description" : "OpenID Connect Resource Owner Grant", "providerId" : "basic-flow", @@ -1665,7 +1665,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "894f24cd-0945-4459-84fd-c7c830c6c01b", + "id" : "ae061506-c870-40ce-a8c4-0789ef3eea6e", "alias" : "docker auth", "description" : "Used by Docker clients to authenticate against the IDP", "providerId" : "basic-flow", @@ -1680,7 +1680,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "26eb3488-5154-4c31-98fc-219c0f4bfcd4", + "id" : "a956da5e-dd96-4d45-8f00-36f550424db3", "alias" : "first broker login", "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId" : "basic-flow", @@ -1703,7 +1703,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "c3a9c7dc-008f-4385-b89c-b0221c9976fb", + "id" : "a4241dd8-a2bf-43c1-a5e0-d52d4d2cee93", "alias" : "forms", "description" : "Username, password, otp and other auth forms.", "providerId" : "basic-flow", @@ -1725,7 +1725,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "d6b1355c-1faa-4071-a14b-bfa5ffb8814c", + "id" : "fed7e5c7-3635-4a47-aef5-ff5f670e3206", "alias" : "registration", "description" : "registration flow", "providerId" : "basic-flow", @@ -1741,7 +1741,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "d44874e2-c1b8-4c0f-a87b-4e29dbb6c627", + "id" : "9e3b6223-12dd-412f-9324-119692897c21", "alias" : "registration form", "description" : "registration form", "providerId" : "form-flow", 
@@ -1784,7 +1784,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "0ffc7086-81e1-4b80-b111-f7790e97e31b", + "id" : "b46fcca4-9f9c-4b12-82e1-fe1e037d25f6", "alias" : "reset credentials", "description" : "Reset credentials for a user if they forgot their password or something", "providerId" : "basic-flow", @@ -1820,7 +1820,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "15eab508-3c28-4dd0-a2ec-c9f7117c58a3", + "id" : "52bb1ef5-7c2e-42cd-b744-be0331cc7682", "alias" : "saml ecp", "description" : "SAML ECP Profile Authentication Flow", "providerId" : "basic-flow", @@ -1836,13 +1836,13 @@ } ] } ], "authenticatorConfig" : [ { - "id" : "1308bff8-b987-4449-b09a-9759b1e936ed", + "id" : "acadb8f4-162a-4f9c-89d9-0e6e87e470af", "alias" : "create unique user config", "config" : { "require.password.update.after.registration" : "false" } }, { - "id" : "82d95c96-51a1-403f-8d15-404b60f1352d", + "id" : "44e801dd-c0e0-4da7-b354-95010a34c61b", "alias" : "review profile config", "config" : { "update.profile.on.first.login" : "missing" @@ -2288,7 +2288,9 @@ "path" : "/admin", "attributes" : { }, "realmRoles" : [ ], - "clientRoles" : { }, + "clientRoles" : { + "realm-management" : [ "realm-admin" ] + }, "subGroups" : [ ] } ], "defaultRole" : { @@ -2339,8 +2341,8 @@ "id" : "61e3b74a-a8c4-4b1e-8050-e5469d56b77e", "type" : "password", "userLabel" : "My password", - "createdDate" : 1729858937091, - "secretData" : "{\"value\":\"9GCa4Q9etvS2BEVg1WEm0zJ3+2YUAKboV3zMlqu9aoY=\",\"salt\":\"ARMv2kJR835R9kqcggmNMQ==\",\"additionalParameters\":{}}", + "createdDate" : 1730902622552, + "secretData" : "{\"value\":\"l8uaVWB5i3zjRvskcGANgWrlLQkO/PHNu8N/B/zKvF0=\",\"salt\":\"FcRbSzLYkPmQeGYlbEpR8g==\",\"additionalParameters\":{}}", "credentialData" : "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" } ], "disableableCredentialTypes" : [ ], 
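Review bot: The `/admin` group now carries the `realm-management` client role `realm-admin`, the broadest role that client offers, so every member of the group can administer the whole realm through the token-based admin connection this commit introduces. If the service only needs to manage users and groups, a narrower mapping such as `"realm-management" : [ "manage-users", "query-users", "query-groups" ]` would limit what an over-scoped or leaked token can do. The exact set should be confirmed against the admin calls made in `kcmanager.py`.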
@@ -3335,7 +3337,7 @@ "subType" : "anonymous", "subComponents" : { }, "config" : { - "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper", "oidc-full-name-mapper", "oidc-usermodel-property-mapper", "oidc-address-mapper" ] + "allowed-protocol-mapper-types" : [ "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-full-name-mapper", "saml-user-property-mapper", "saml-user-attribute-mapper", "oidc-usermodel-attribute-mapper", "saml-role-list-mapper", "oidc-usermodel-property-mapper" ] } }, { "id" : "e39a6376-abb0-4130-888d-60e85966cb6a", @@ -3344,7 +3346,7 @@ "subType" : "authenticated", "subComponents" : { }, "config" : { - "allowed-protocol-mapper-types" : [ "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper", "oidc-usermodel-attribute-mapper", "saml-user-attribute-mapper", "oidc-address-mapper", "oidc-usermodel-property-mapper", "saml-user-property-mapper", "oidc-full-name-mapper" ] + "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-address-mapper", "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper", "saml-role-list-mapper" ] } }, { "id" : "a6543da3-77ec-4635-8bf8-6141c83f98b1", diff --git a/src/biodm/components/services/dbservice.py b/src/biodm/components/services/dbservice.py index 886609c..993a87b 100644 --- a/src/biodm/components/services/dbservice.py +++ b/src/biodm/components/services/dbservice.py 
@@ -4,11 +4,11 @@ from typing import Callable, List, Sequence, Any, Dict, overload, Literal, Type, Set from sqlalchemy import select, delete, or_, func -from sqlalchemy.exc import IntegrityError +from sqlalchemy.exc import SQLAlchemyError from sqlalchemy.ext.asyncio import AsyncSession from sqlalchemy.ext.hybrid import hybrid_property from sqlalchemy.orm import ( - load_only, selectinload, joinedload, ONETOMANY, MANYTOONE, make_transient, Relationship + load_only, selectinload, joinedload, ONETOMANY, MANYTOONE, Relationship ) from sqlalchemy.sql import Delete, Select from sqlalchemy.sql.selectable import Alias @@ -17,7 +17,7 @@ from biodm.component import ApiService from biodm.components import Base from biodm.exceptions import ( - DataError, EndpointError, FailedCreate, FailedRead, FailedDelete, ReleaseVersionError, UpdateVersionedError, UnauthorizedError + DataError, EndpointError, FailedCreate, FailedRead, FailedDelete, ImplementionError, ReleaseVersionError, UpdateVersionedError, UnauthorizedError ) from biodm.managers import DatabaseManager from biodm.tables import ListGroup, Group @@ -57,13 +57,9 @@ async def _insert( missing = self.table.required - stmt.keys() raise DataError(f"{self.table.__name__} missing the following: {missing}.") - # May occur in some cases for versioned resources. - except IntegrityError as ie: - if 'unique' in ie.args[0].lower() and 'version' in ie.args[0]: - raise UpdateVersionedError( - "Attempt at updating versioned resources." - ) - raise FailedCreate(str(ie)) + + except SQLAlchemyError as se: + raise FailedCreate(str(se)) @DatabaseManager.in_session async def _insert_list( 
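Review bot: The new `except SQLAlchemyError as se: raise FailedCreate(str(se))` in `_insert` turns every database error into a create failure whose message is the raw exception text. For statement errors that text normally includes the SQL and the bound parameters, so if `FailedCreate` is rendered to the client (not visible here) it would expose schema details and submitted values. The handler also drops the exception cause and the earlier `UpdateVersionedError` mapping for unique-constraint hits on versioned rows. I would keep `IntegrityError` as its own case, log the detail server-side, and chain a neutral message: `raise FailedCreate(f"Could not insert {self.table.__name__}.") from se`. `_insert` starts above this hunk.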
@@ -445,18 +441,18 @@ def gen_upsert_holder( missing_data = self.table.required - pending_keys if missing_data: - if all(k in pending_keys for k in self.table.pk): # pk present: UPDATE. - if (data.keys() - self.table.pk) and self.table.is_versioned: - raise UpdateVersionedError( - "Attempt at updating versioned resources detected" - ) - # submitter_username special col - elif missing_data == {'submitter_username'} and self.table.has_submitter_username: + if missing_data == {'submitter_username'} and self.table.has_submitter_username: if not user_info or not user_info.is_authenticated: raise UnauthorizedError() data['submitter_username'] = user_info.display_name + elif all(k in pending_keys for k in self.table.pk): # pk present: UPDATE. + if (data.keys() - self.table.pk) and self.table.is_versioned: + raise UpdateVersionedError( + "Attempt at updating versioned resources detected" + ) + else: raise DataError(f"{self.table.__name__} missing the following: {missing_data}.") @@ -741,6 +737,7 @@ async def filter( self, fields: List[str], params: Dict[str, str], + count: bool = False, stmt_only: bool = False, user_info: UserInfo | None = None, **kwargs @@ -752,7 +749,7 @@ async def filter( reverse = params.pop('reverse', None) # TODO: ? # start building statement. - stmt = select(self.table) + stmt = select(self.table).distinct() # For lower level(s) propagation. propagate = {"start": offset, "end": limit, "reverse": reverse} 
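Review bot: With the branches reordered in `gen_upsert_holder`, a payload that has the full primary key and lacks only `submitter_username` now takes the first branch, so the `UpdateVersionedError` guard in the `elif` is never evaluated for it and `data['submitter_username']` is set to the caller's `display_name`. If the holder ends up as an upsert on the primary key (the name suggests it, but the statement is built outside this hunk), any authenticated user could update a versioned row and re-stamp its submitter. Running the versioned check on its own, ahead of the chain, keeps the old guarantee: `if all(k in pending_keys for k in self.table.pk) and (data.keys() - self.table.pk) and self.table.is_versioned: raise UpdateVersionedError(...)`.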
@@ -796,7 +793,16 @@ async def filter( # if exclude: # stmt = select(self.table.not_in(stmt)) + if count: # Count can only be passed from a controller. + if stmt_only: + raise ImplementionError( + "filter arguments: count cannot be used in conjunction with stmt_only !" + ) + stmt = select(func.count()).select_from(stmt) + return await self._select(stmt) + stmt = stmt.offset(offset).limit(limit) + # stmt = stmt.slice(offset-1, limit-1) # TODO [prio-low] investigate return stmt if stmt_only else await self._select_many(stmt, **kwargs) @DatabaseManager.in_session diff --git a/src/biodm/components/services/kcservice.py b/src/biodm/components/services/kcservice.py index 07ea193..2e4b1bd 100644 --- a/src/biodm/components/services/kcservice.py +++ b/src/biodm/components/services/kcservice.py @@ -2,10 +2,14 @@ from typing import Any, Dict, List from pathlib import Path -from biodm.exceptions import DataError, UnauthorizedError -from biodm.managers import KeycloakManager +from sqlalchemy.ext.asyncio import AsyncSession + +from biodm.components import Base +from biodm.exceptions import DataError +from biodm.managers import KeycloakManager, DatabaseManager from biodm.tables import Group, User from biodm.utils.security import UserInfo +from biodm.utils.sqla import UpsertStmtValuesHolder from biodm.utils.utils import to_it, classproperty from .dbservice import CompositeEntityService 
@@ -17,11 +21,35 @@ def kc(cls) -> KeycloakManager: """Return KCManager instance.""" return cls.app.kc + # @DatabaseManager.in_session + # async def _insert( + # self, + # stmt: UpsertStmtValuesHolder, + # user_info: UserInfo | None, + # session: AsyncSession + # ) -> Base: + # """INSERT one object into the DB, check token write permissions before commit.""" + # await self._check_permissions("write", user_info, stmt) + # try: + # item = await session.scalar(stmt.to_stmt(self)) + # if item: + # return item + + # missing = self.table.required - stmt.keys() + # raise DataError(f"{self.table.__name__} missing the following: {missing}.") + # except: + # TODO: [prio-high] catch missing = 'id' case, that indicates resource couldn't be created on keycloak -> unsuficiently priviledge token. + @abstractmethod - async def _update(self, remote_id: str, data: Dict[str, Any]): + async def _update(self, remote_id: str, data: Dict[str, Any], user_info: UserInfo): """Keycloak entity update method.""" raise NotImplementedError + @abstractmethod + async def import_all(self) -> None: + """Import all entities of that type from keycloak.""" + raise NotImplementedError + async def sync( self, remote: Dict[str, Any], @@ -38,11 +66,7 @@ async def sync( if data.get(key, None) and data.get(key, None) != remote.get(key, None) } if update: - if not user_info.is_admin: - raise UnauthorizedError( - f"only administrators are allowed to update keycloak entities." - ) - await self._update(remote['id'], update) + await self._update(remote['id'], update, user_info=user_info) data.update(fill) @abstractmethod 
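Review bot: `sync` no longer rejects non-admin callers before `_update`, and it ignores the result of `await self._update(...)`, so the decision is left entirely to Keycloak while the outcome is never observed. Since `update_user` and `update_group` in `kcmanager.py` now return `None` on any `KeycloakError`, a refused update falls through to `data.update(fill)` and the caller's values presumably continue to the local write while Keycloak keeps the old ones. I would let the manager raise on a refusal and let `sync` propagate it, or keep an explicit guard here, e.g. `if not user_info or not user_info.keycloak_admin: raise UnauthorizedError(...)`; the `UnauthorizedError` import this commit removes from the file would then have to stay.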
@@ -63,8 +87,11 @@ def kcpath(path) -> Path: """Compute keycloak path from api path.""" return Path("/" + path.replace("__", "/")) - async def _update(self, remote_id: str, data: Dict[str, Any]): - return await self.kc.update_group(group_id=remote_id, data=data) + async def import_all(self, user_info: UserInfo) -> None: + raise NotImplementedError + + async def _update(self, remote_id: str, data: Dict[str, Any], user_info: UserInfo): + return await self.kc.update_group(group_id=remote_id, data=data, user_info=user_info) async def read_or_create( self, @@ -79,25 +106,22 @@ async def read_or_create( :type user_info: UserInfo """ path = self.kcpath(data['path']) - group = await self.kc.get_group_by_path(str(path)) + group = await self.kc.get_group_by_path(str(path), user_info=user_info) if group: await self.sync(group, data, user_info=user_info) return - if not user_info.is_admin: - raise UnauthorizedError( - f"group {path} does not exists, only administrators are allowed to create new ones." - ) - parent_id = None if not path.parent.parts == ('/',): - parent = await self.kc.get_group_by_path(str(path.parent)) + parent = await self.kc.get_group_by_path(str(path.parent), user_info=user_info) if not parent: raise DataError("Input path does not match any parent group.") parent_id = parent['id'] - data['id'] = await self.kc.create_group(path.name, parent_id) + cr_id = await self.kc.create_group(path.name, parent_id, user_info=user_info) + if cr_id: + data['id'] = cr_id async def write( self, 
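Review bot: `KCGroupService.import_all(self, user_info: UserInfo)` does not match the abstract `import_all(self) -> None` that this commit declares on `KCService`, and `KCUserService.import_all` takes no `user_info` either. Since every other Keycloak call now needs the caller's `user_info`, I would settle the contract on the base class as `async def import_all(self, user_info: UserInfo) -> None:` and give this override the same one-line docstring the other two have.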
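Review bot: When `create_group` returns `None`, `read_or_create` leaves `data` without an `'id'`, but both `write` methods read `group["id"]` / `group['id']` right after calling it, so a refused creation surfaces as a `KeyError` rather than as an authorization or creation error. Failing here makes the cause explicit: `if not cr_id: raise DataError(f"Group {path} could not be created on Keycloak.")`, or a dedicated unauthorized error once the manager distinguishes a refused token. `KCUserService.read_or_create` has the same `if cr_id:` pattern. `read_or_create` starts above this hunk.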
@@ -108,31 +132,35 @@ async def write( ): """Create entities on Keycloak Side before passing to parent class for DB.""" # Create on keycloak side - for group in to_it(data): - # Group first. - await self.read_or_create(group, user_info=user_info) - # Then Users. - for user in group.get("users", []): - await User.svc.read_or_create( - user, - user_info=user_info, - groups=[group["path"]], - group_ids=[group["id"]] - ) - - # Send to DB without user_info. - return await super().write(data, stmt_only=stmt_only, **kwargs) + if user_info and user_info.keycloak_admin: + for group in to_it(data): + # Group first. + await self.read_or_create(group, user_info=user_info) + # Then Users. + for user in group.get("users", []): + await User.svc.read_or_create( + user, + user_info=user_info, + groups=[group["path"]], + group_ids=[group["id"]] + ) + + return await super().write(data, stmt_only=stmt_only, user_info=user_info, **kwargs) async def delete(self, pk_val: List[Any], user_info: UserInfo | None = None, **_) -> None: """DELETE Group from DB then from Keycloak.""" group_id = (await self.read(pk_val, fields=['id'])).id await super().delete(pk_val, user_info=user_info) - await self.kc.delete_group(group_id) + await self.kc.delete_group(group_id, user_info=user_info) class KCUserService(KCService): - async def _update(self, remote_id: str, data: Dict[str, Any]): - return await self.kc.update_user(user_id=remote_id, data=data) + async def import_all(self) -> None: + """Import all entities of that type from keycloak.""" + raise NotImplementedError + + async def _update(self, remote_id: str, data: Dict[str, Any], user_info: UserInfo): + return await self.kc.update_user(user_id=remote_id, data=data, user_info=user_info) async def read_or_create( self, 
@@ -145,8 +173,6 @@ async def read_or_create( :param data: Entry object representation :type data: Dict[str, Any] - :param user_info: requesting user info - :type user_info: UserInfo :param groups: User groups names, defaults to None :type groups: List[str], optional :param group_ids: User groups ids, defaults to None @@ -154,26 +180,19 @@ async def read_or_create( :return: User id :rtype: str """ - user = await self.kc.get_user_by_username(data["username"]) + user = await self.kc.get_user_by_username(data["username"], user_info=user_info) groups = [str(KCGroupService.kcpath(group)) for group in groups] if user: # TODO: manage groups ? Maybe useless. group_ids = group_ids or [] for gid in group_ids: - await self.kc.group_user_add(user['id'], gid) + await self.kc.group_user_add(user['id'], gid, user_info=user_info) await self.sync(user, data, user_info=user_info) - elif not user_info.is_admin: - raise UnauthorizedError( - f"user {data['username']} does not exists, " - "only administrators are allowed to create new ones." - ) - - elif not data.get('password', None): - raise DataError("Missing password in order to create User.") - else: - data['id'] = await self.kc.create_user(data, groups) + cr_id = await self.kc.create_user(data, groups, user_info=user_info) + if cr_id: + data['id'] = cr_id # Important to remove password as it is not stored locally, SQLA would throw error. data.pop('password', None) 
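Review bot: The `Missing password in order to create User.` guard is removed, so a payload without `password` now goes straight to `self.kc.create_user(...)`, and whatever Keycloak does with it, the local insert still follows because a `None` result is tolerated. If accounts without a credential are not intended, keep the check ahead of the call: `if not data.get('password'): raise DataError("Missing password in order to create User.")`. The docstring hunk above also drops the `:param user_info:` entry although the parameter is used on every call here; I would keep it. `read_or_create` starts above this hunk, and the test that covered the 400 response is deleted in `test_keycloak.py`.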
@@ -186,28 +205,29 @@ async def write( **kwargs ): """CREATE entities on Keycloak, before inserting in DB.""" - for user in to_it(data): - # Groups first. - group_paths, group_ids = [], [] - for group in user.get("groups", []): - await Group.svc.read_or_create( - group, + if user_info and user_info.keycloak_admin: + for user in to_it(data): + # Groups first. + group_paths, group_ids = [], [] + for group in user.get("groups", []): + await Group.svc.read_or_create( + group, + user_info=user_info, + ) + group_paths.append(group['path']) + group_ids.append(group['id']) + # Then User. + await self.read_or_create( + user, user_info=user_info, + groups=group_paths, + group_ids=group_ids ) - group_paths.append(group['path']) - group_ids.append(group['id']) - # Then User. - await self.read_or_create( - user, - user_info=user_info, - groups=group_paths, - group_ids=group_ids - ) - - return await super().write(data, stmt_only=stmt_only, **kwargs) + + return await super().write(data, stmt_only=stmt_only, user_info=user_info, **kwargs) async def delete(self, pk_val: List[Any], user_info: UserInfo | None = None, **_) -> None: """DELETE User from DB then from keycloak.""" user_id = (await self.read(pk_val, fields=['id'])).id await super().delete(pk_val, user_info=user_info) - await self.kc.delete_user(user_id) + await self.kc.delete_user(user_id, user_info=user_info) diff --git a/src/biodm/config.py b/src/biodm/config.py index d99c04a..cf4064a 100644 --- a/src/biodm/config.py +++ b/src/biodm/config.py 
@@ -7,14 +7,11 @@ except FileNotFoundError: config = Config() -# TODO: [prio medium - before release] -# Change credentials to Secret type -# Avoids leaking them in stacktraces - # Server. API_NAME = config("API_NAME", cast=str, default="biodm_instance") API_VERSION = config("API_VERSION", cast=str, default="0.1.0") API_DESCRIPTION = config("API_DESCRIPTION", cast=str, default="") + SERVER_SCHEME = config("SERVER_SCHEME", cast=str, default="http://") SERVER_HOST = config("SERVER_HOST", cast=str, default="0.0.0.0") SERVER_PORT = config("SERVER_PORT", cast=int, default=8000) @@ -44,12 +41,8 @@ KC_HOST = config("KC_HOST", cast=str, default=None) KC_REALM = config("KC_REALM", cast=str, default=None) KC_PUBLIC_KEY = config("KC_PUBLIC_KEY", cast=str, default=None) -KC_ADMIN = config("KC_ADMIN", cast=str, default=None) -KC_ADMIN_PASSWORD = config("KC_ADMIN_PASSWORD", cast=Secret, default=None) KC_CLIENT_ID = config("KC_CLIENT_ID", cast=str, default=None) KC_CLIENT_SECRET = config("KC_CLIENT_SECRET", cast=Secret, default=None) -KC_JWT_OPTIONS = config("KC_JWT_OPTIONS", cast=dict, default={'verify_exp': False, - 'verify_aud': False}) # Kubernetes. K8_IP = config("K8_IP", cast=str, default=None) diff --git a/src/biodm/managers/kcmanager.py b/src/biodm/managers/kcmanager.py index f29f702..ebfabcb 100644 --- a/src/biodm/managers/kcmanager.py +++ b/src/biodm/managers/kcmanager.py @@ -1,6 +1,7 @@ from __future__ import annotations from typing import TYPE_CHECKING, List, Dict, Any +from jwcrypto import jwk from keycloak.keycloak_admin import KeycloakAdmin from keycloak.openid_connection import KeycloakOpenIDConnection from keycloak.keycloak_openid import KeycloakOpenID @@ -11,6 +12,7 @@ from biodm.exceptions import ( KeycloakUnavailableError, FailedDelete, FailedUpdate, FailedCreate, TokenDecodingError ) +from biodm.utils.security import UserInfo if TYPE_CHECKING: from biodm.api import Api 
@@ -26,28 +28,18 @@ def __init__( host: str, realm: str, public_key: str, - admin: str, - admin_password: Secret, client_id: str, client_secret: Secret, - jwt_options: dict + # jwt_options: dict ) -> None: super().__init__(app=app) from biodm.utils.security import UserInfo # Set for token decoding. UserInfo.kc = self - - self.jwt_options = jwt_options + self.host = host + self.realm = realm self.public_key = public_key try: - self._connexion = KeycloakOpenIDConnection( - server_url=host, - user_realm_name="master", - realm_name=realm, - username=admin, - password=str(admin_password), - verify=True, - ) self._openid = KeycloakOpenID( server_url=host, realm_name=realm, @@ -59,10 +51,18 @@ def __init__( f"Failed to initialize connection to Keycloak: {e.error_message}" ) from e - @property - def admin(self): - """Admin connection.""" - return KeycloakAdmin(connection=self._connexion) + def admin(self, token: str): + """Returns an admin connection, from token.""" + conn = KeycloakOpenIDConnection( + realm_name=self.realm, + server_url=self.host, + token={ + 'access_token': token, + 'expires_in': 3600, + }, + verify=True + ) + return KeycloakAdmin(connection=conn) @property def openid(self): 
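Review bot: `admin()` wraps whatever bearer token it is given with a fixed `'expires_in': 3600`, so the connection's idea of the token lifetime is unrelated to the token's real `exp` claim. Keycloak presumably still checks the token on each call, but how the library behaves once it believes the token has expired, with no refresh token in the dict, should be verified. I would derive the value from the decoded claims, or at least state the assumption above the dict: `# expires_in is a placeholder, not the token's real lifetime; no refresh token is available here.` The leftover `# jwt_options: dict` in `__init__` can go now that the option is removed from `config.py`.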
@@ -71,28 +71,34 @@ def openid(self): @property def endpoint(self): - return self.admin.server_url + return self.openid.connection.base_url async def auth_url(self, redirect_uri: str): """Authentication URL.""" - return self.openid.auth_url(redirect_uri=redirect_uri, scope="openid", state="") + return await self.openid.a_auth_url(redirect_uri=redirect_uri, scope="openid", state="") async def redeem_code_for_token(self, code: str, redirect_uri: str): """Code for token.""" - return self.openid.token( + return await self.openid.a_token( grant_type="authorization_code", code=code, redirect_uri=redirect_uri ) async def decode_token(self, token: str): """Decode token.""" def enclose_idrsa(idrsa) -> str: - return f"-----BEGIN PUBLIC KEY-----\n {idrsa} \n-----END PUBLIC KEY-----" + key = ( + "-----BEGIN PUBLIC KEY-----\n" + + idrsa + + "\n-----END PUBLIC KEY-----" + ).encode('utf-8') + return jwk.JWK.from_pem(key) + try: - return self.openid.decode_token( - token, key=enclose_idrsa(self.public_key), options=self.jwt_options + return await self.openid.a_decode_token( + token, key=enclose_idrsa(self.public_key) #, options=self.jwt_options ) except Exception as e: - raise TokenDecodingError("Invalid Token") + raise TokenDecodingError(f"Invalid Token: {str(e)}") def _user_data_to_payload(self, data: Dict[str, Any]): payload = { @@ -115,8 +121,7 @@ def _group_data_to_payload(self, data: Dict[str, Any]): for field in ("name", "name_parent") } - async def create_user(self, data: Dict[str, Any], groups: List[str] | None = None) -> str: - groups = groups or [] + async def create_user(self, data: Dict[str, Any], groups: List[str], user_info: UserInfo) -> str: payload = self._user_data_to_payload(data) payload.update({ "enabled": True, 
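Review bot: `auth_url` still sends `state=""`, so the authorization response cannot be tied back to the browser session that started the login and the callback has nothing to compare against. I would take the value from the caller, `async def auth_url(self, redirect_uri: str, state: str):` with `state=state`, generated per login with `secrets.token_urlsafe()` and checked when the code is redeemed; callers outside this hunk would need the matching change. In `decode_token`, `enclose_idrsa` is annotated `-> str` but now returns a `jwk.JWK`, and `TokenDecodingError(f"Invalid Token: {str(e)}")` passes the library's message on without chaining; `raise TokenDecodingError("Invalid Token") from e` keeps the detail in the traceback only.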
@@ -124,102 +129,116 @@ async def create_user(self, data: Dict[str, Any], groups: List[str] | None = Non "groups": [g["path"] for g in data.get("groups", [])] + groups, "emailVerified": False, }) + try: - return self.admin.create_user(payload, exist_ok=True) - except KeycloakError as e: - raise FailedCreate( - "Could not create Keycloak Group with data: " - f"{payload} -- msg: {e.error_message}" - ) from e + return await user_info.keycloak_admin.a_create_user(payload) # , exist_ok=True + except KeycloakError: + return None + # except KeycloakError as e: + # raise FailedCreate( + # "Could not create Keycloak Group with data: " + # f"{payload} -- msg: {e.error_message}" + # ) from e - async def update_user(self, user_id: str, data: Dict[str, Any]): + async def update_user(self, user_id: str, data: Dict[str, Any], user_info: UserInfo): """Update user.""" try: - return self.admin.update_user(user_id=user_id, payload=data) - except KeycloakError as e: - raise FailedUpdate( - "Could not update Keycloak " - f"User(id={user_id}) with data: {data} -- msg: {e.error_message}." - ) from e + return await user_info.keycloak_admin.a_update_user(user_id=user_id, payload=data) + except KeycloakError: + return None + # except KeycloakError as e: + # raise FailedUpdate( + # "Could not update Keycloak " + # f"User(id={user_id}) with data: {data} -- msg: {e.error_message}." + # ) from e - async def delete_user(self, user_id: str) -> None: + async def delete_user(self, user_id: str, user_info: UserInfo) -> None: """Delete user with this id.""" try: - self.admin.delete_user(user_id) + await user_info.keycloak_admin.a_delete_user(user_id) except KeycloakDeleteError as e: raise FailedDelete( "Could not delete Keycloak " f"User(id={user_id}): {e.error_message}." 
) from e - async def create_group(self, name: str, parent: str | None = None) -> str: + async def create_group(self, name: str, parent: str | None, user_info: UserInfo) -> str: """Create group.""" try: - return self.admin.create_group( + return await user_info.keycloak_admin.a_create_group( {"name": name}, - parent=parent + parent=parent, ) - except KeycloakError as e: - raise FailedCreate( - "Could not create Keycloak Group with data: " - f"name={name}, parent={parent} -- msg: {e.error_message}" - ) from e - - async def update_group(self, group_id: str, data: Dict[str, Any]): + except KeycloakError: + return None + # skip_exists=True + # except KeycloakError as e: + # raise FailedCreate( + # "Could not create Keycloak Group with data: " + # f"name={name}, parent={parent} -- msg: {e.error_message}" + # ) from e + + async def update_group(self, group_id: str, data: Dict[str, Any], user_info: UserInfo): """Update group.""" try: - return self.admin.update_group(group_id=group_id, payload=data) - except KeycloakError as e: - raise FailedUpdate( - "Could not update Keycloak " - f"Group(id={group_id}) with data: {data} -- msg: {e.error_message}." - ) from e + return await user_info.keycloak_admin.a_update_group(group_id=group_id, payload=data) + except KeycloakError: + return None + # except KeycloakError as e: + # raise FailedUpdate( + # "Could not update Keycloak " + # f"Group(id={group_id}) with data: {data} -- msg: {e.error_message}." + # ) from e - async def delete_group(self, user_id: str): + async def delete_group(self, user_id: str, user_info: UserInfo): """Delete group with this id.""" try: - return self.admin.delete_group(user_id) + return await user_info.keycloak_admin.a_delete_group(user_id) except KeycloakDeleteError as e: raise FailedDelete( "Could not delete Keycloak " f"Group(id={user_id}): {e.error_message}." 
) from e - async def group_user_add(self, user_id: str, group_id: str): + async def group_user_add(self, user_id: str, group_id: str, user_info: UserInfo): """Add user with user_id to group with group_id.""" try: - return self.admin.group_user_add(user_id, group_id) - except KeycloakError as e: - raise FailedCreate( - "Keycloak failed adding " - f"User(id={user_id}) to Group(id={group_id}): {e.error_message}" - ) from e + return await user_info.keycloak_admin.a_group_user_add(user_id, group_id) + except KeycloakError: + return None + # except KeycloakError as e: + # raise FailedCreate( + # "Keycloak failed adding " + # f"User(id={user_id}) to Group(id={group_id}): {e.error_message}" + # ) from e - async def get_user_groups(self, user_id: str): - return self.admin.get_user_groups(user_id) + async def get_user_groups(self, user_id: str, user_info: UserInfo): + return await user_info.keycloak_admin.a_get_user_groups(user_id) - async def get_group(self, id: str): - return self.admin.get_group(id) + async def get_group(self, id: str, user_info: UserInfo): + return await user_info.keycloak_admin.a_get_group(id) - async def get_group_by_name(self, name: str): + async def get_group_by_name(self, name: str, user_info: UserInfo): try: - # query = {"name": name, "exact": True} query = {"name": f'^{name}$', "exact": "true"} - groups = self.admin.get_groups(query=query) + groups = await user_info.keycloak_admin.a_get_groups(query=query) if len(groups) == 1: return groups[0] return None except KeycloakGetError: return None - async def get_group_by_path(self, path: str): + async def get_group_by_path(self, path: str, user_info: UserInfo): try: - return self.admin.get_group_by_path(path) + return await user_info.keycloak_admin.a_get_group_by_path(path) except KeycloakGetError: return None - async def get_user_by_username(self, username: str): - users = self.admin.get_users({"username": username}) - if len(users) > 0: - return users[0] + async def get_user_by_username(self, 
username: str, user_info: UserInfo): + try: + users = await user_info.keycloak_admin.a_get_users({"username": username}) + if len(users) > 0: + return users[0] + except KeycloakGetError: + pass return None diff --git a/src/example/.env b/src/example/.env index 8925c1d..aeb2b98 100644 --- a/src/example/.env +++ b/src/example/.env @@ -17,8 +17,6 @@ S3_SECRET_ACCESS_KEY="12345678" KC_HOST="http://10.10.0.3:8080" KC_REALM="3TR" KC_PUBLIC_KEY="MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0juOxC3+S97HFnlmRgWqUaSpTlscaH6IQaoLuqXFYakDJCV6WU0andDRQFJH8CeOaiVx84J1g7m/cNzxX6Ilz+0MZ6mnBFShaGY0+Qk6zIipFU2ehWQtAm0IWGwQipXC2enlXLIglRXJJepH7jOxC+fyY+f++09+68KuNAAUL8IjvZRMCu/AV3qlm6zdeCztTxy8eiBH9shg+wNLRpWczfMBAHetqqpzy9kVhVizHFdSxd21yESRce7iUQn+KzwsGzBve0Ds68GzhgyUXYjXV/sQ3jaNqDAy+qiCkv0nXKPBxVFUstPQQJvhlQ4gZW7SUdIV3IynBXckpGQhE24tcQIDAQAB" -KC_ADMIN="admin" -KC_ADMIN_PASSWORD="1234" KC_CLIENT_ID="submission_client" KC_CLIENT_SECRET="38wBvfSVS7fa3LprqSL5YCDPaMUY1bTl" diff --git a/src/requirements/common.txt b/src/requirements/common.txt index 56bd7f1..186d379 100644 --- a/src/requirements/common.txt +++ b/src/requirements/common.txt @@ -1,11 +1,11 @@ aiosqlite==0.20.0 -apispec==6.6.1 -asyncpg==0.29.0 -boto3==1.34.65 -botocore==1.34.65 +apispec==6.7.1 +asyncpg==0.30.0 +boto3==1.35.54 +botocore==1.35.54 databases==0.9.0 -marshmallow==3.20.2 -python-keycloak==3.9.1 -SQLAlchemy==2.0.30 -starlette==0.41.0 +marshmallow==3.23.1 +python-keycloak==4.2.0 +SQLAlchemy==2.0.36 +starlette==0.41.2 starlette-apispec==2.2.1 diff --git a/src/tests/integration/kc/conftest.py b/src/tests/integration/kc/conftest.py index 215f1d9..703f452 100644 --- a/src/tests/integration/kc/conftest.py +++ b/src/tests/integration/kc/conftest.py @@ -8,7 +8,7 @@ ADMIN_USERNAME = 'admin' -ADMIN_PASSWORD = '1234' +ADMIN_PASSWORD = '12345' @pytest.fixture(scope="session", autouse=True) diff --git a/src/tests/integration/kc/test_keycloak.py b/src/tests/integration/kc/test_keycloak.py index 7186615..943542a 100644 
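Review bot: `create_user`, `update_user`, `create_group`, `update_group` and `group_user_add` now answer every `KeycloakError` with `return None` and keep the old `raise` only as commented-out code, so a refused token, a conflict and an unreachable server all look the same to the caller; `create_user` and `create_group` are also still annotated `-> str`. If the aim is to tolerate a token without admin rights, I would return `None` only for 401/403 and raise for everything else, as sketched below for `create_user`, and delete the commented blocks. The sketch leaves the payload out of the message because it may carry the password. `get_user_groups` and `get_group` have no error handling at all, and every method dereferences `user_info.keycloak_admin` without checking `user_info` for `None`.

```python
    async def create_user(self, data: Dict[str, Any], groups: List[str], user_info: UserInfo) -> str | None:
        # … unchanged: payload construction …
        try:
            return await user_info.keycloak_admin.a_create_user(payload)
        except KeycloakError as e:
            # A refused token is the only outcome callers are expected to tolerate.
            if e.response_code in (401, 403):
                return None
            raise FailedCreate(
                f"Could not create Keycloak User: {e.error_message}"
            ) from e
```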
--- a/src/tests/integration/kc/test_keycloak.py +++ b/src/tests/integration/kc/test_keycloak.py @@ -51,18 +51,6 @@ def test_update_user(srv_endpoint, utils, admin_header): assert json_response["lastName"] == user_test["lastName"] -def test_create_user_no_passwd(srv_endpoint, utils, admin_header): - user_no_passwd = {"username": "u_no_passwd"} - response = requests.post( - f'{srv_endpoint}/users', - data=utils.json_bytes(user_no_passwd), - headers=admin_header - ) - - assert response.status_code == 400 - assert "Missing password in order to create User." in response.text - - def test_create_group(srv_endpoint, utils, admin_header): """""" group = {"path": "g_test"}