From a8a5197857abd2c8d56cd3c38e47c7ec097a8365 Mon Sep 17 00:00:00 2001 From: Anthony Viard Date: Thu, 13 Apr 2023 15:43:04 +0200 Subject: [PATCH 1/5] [ENG-4752] Remove import user file since users are included in the realm definition file --- generators/server/files.js | 5 -- .../realm-config/jhipster-users-0.json.ejs | 64 ------------------- 2 files changed, 69 deletions(-) delete mode 100644 generators/server/templates/src/main/docker/config/realm-config/jhipster-users-0.json.ejs diff --git a/generators/server/files.js b/generators/server/files.js index a4cf7f28..8e6fdeee 100644 --- a/generators/server/files.js +++ b/generators/server/files.js @@ -30,11 +30,6 @@ const entandoServerFiles = { file: 'config/realm-config/jhipster-realm.json', renameTo: () => 'keycloak/realm-config/jhipster-realm.json', }, - { - file: 'config/realm-config/jhipster-users-0.json', - method: 'copy', - renameTo: () => 'keycloak/realm-config/jhipster-users-0.json', - }, { file: 'keycloak-db/entando-placeholder', method: 'copy', diff --git a/generators/server/templates/src/main/docker/config/realm-config/jhipster-users-0.json.ejs b/generators/server/templates/src/main/docker/config/realm-config/jhipster-users-0.json.ejs deleted file mode 100644 index 1542cf1c..00000000 --- a/generators/server/templates/src/main/docker/config/realm-config/jhipster-users-0.json.ejs +++ /dev/null 
@@ -1,64 +0,0 @@ -{ - "realm" : "jhipster", - "users" : [ { - "id" : "4c973896-5761-41fc-8217-07c5d13a004b", - "createdTimestamp" : 1505479415590, - "username" : "admin", - "enabled" : true, - "totp" : false, - "emailVerified" : true, - "firstName" : "Admin", - "lastName" : "Administrator", - "email" : "admin@localhost", - "credentials" : [ { - "type" : "password", - "hashedSaltedValue" : "4pf9K2jWSCcHC+CwsZP/qidN5pSmDUe6AX6wBerSGdBVKkExay8MWKx+EKmaaObZW6FVsD8vdW/ZsyUFD9gJ1Q==", - "salt" : "1/qNkZ5kr77jOMOBPBogGw==", - "hashIterations" : 27500, - "counter" : 0, - "algorithm" : "pbkdf2-sha256", - "digits" : 0, - "period" : 0, - "createdDate" : 1505479429154, - "config" : { } - } ], - "disableableCredentialTypes" : [ "password" ], - "requiredActions" : [ ], - "realmRoles" : [ "offline_access", "uma_authorization" ], - "clientRoles" : { - "account" : [ "view-profile", "manage-account" ] - }, - "notBefore" : 0, - "groups" : [ "/Users", "/Admins" ] - }, { - "id" : "c4af4e2f-b432-4c3b-8405-cca86cd5b97b", - "createdTimestamp" : 1505479373742, - "username" : "user", - "enabled" : true, - "totp" : false, - "emailVerified" : true, - "firstName" : "", - "lastName" : "User", - "email" : "user@localhost", - "credentials" : [ { - "type" : "password", - "hashedSaltedValue" : "MbKsMgWPnZyImih8s4SaoCSCq+XIY/c6S9F93sXEidHF1TjPWxCqMkec0+o3860CMLXHt3az61cIJOWI0FW9aw==", - "salt" : "fmpBI1r8R1u75hDLMUlwBw==", - "hashIterations" : 27500, - "counter" : 0, - "algorithm" : "pbkdf2-sha256", - "digits" : 0, - "period" : 0, - "createdDate" : 1505479392766, - "config" : { } - } ], - "disableableCredentialTypes" : [ "password" ], - "requiredActions" : [ ], - "realmRoles" : [ "offline_access", "uma_authorization" ], - "clientRoles" : { - "account" : [ "view-profile", "manage-account" ] - }, - "notBefore" : 0, - "groups" : [ "/Users" ] - } ] -} From 046cdb3f7d916c3f3d364ce3e7d09594bea60873 Mon Sep 17 00:00:00 2001 
From: Anthony Viard Date: Thu, 13 Apr 2023 15:43:31 +0200 Subject: [PATCH 2/5] [ENG-4752] Update the realm definition with JHipster 7.9.3 --- .../realm-config/jhipster-realm.json.ejs | 1556 ++++++++++++----- 1 file changed, 1077 insertions(+), 479 deletions(-) diff --git a/generators/server/templates/src/main/docker/config/realm-config/jhipster-realm.json.ejs b/generators/server/templates/src/main/docker/config/realm-config/jhipster-realm.json.ejs index 815acb68..d1d84f60 100644 --- a/generators/server/templates/src/main/docker/config/realm-config/jhipster-realm.json.ejs +++ b/generators/server/templates/src/main/docker/config/realm-config/jhipster-realm.json.ejs @@ -1,7 +1,9 @@ { "id": "jhipster", "realm": "jhipster", + "displayName": "JHipster", "notBefore": 0, + "defaultSignatureAlgorithm": "RS256", "revokeRefreshToken": false, "refreshTokenMaxReuse": 0, "accessTokenLifespan": 300, @@ -13,11 +15,17 @@ "offlineSessionIdleTimeout": 2592000, "offlineSessionMaxLifespanEnabled": false, "offlineSessionMaxLifespan": 5184000, + "clientSessionIdleTimeout": 0, + "clientSessionMaxLifespan": 0, + "clientOfflineSessionIdleTimeout": 0, + "clientOfflineSessionMaxLifespan": 0, "accessCodeLifespan": 60, "accessCodeLifespanUserAction": 300, "accessCodeLifespanLogin": 1800, "actionTokenGeneratedByAdminLifespan": 43200, "actionTokenGeneratedByUserLifespan": 300, + "oauth2DeviceCodeLifespan": 600, + "oauth2DevicePollingInterval": 5, "enabled": true, "sslRequired": "external", "registrationAllowed": false, @@ -39,7 +47,7 @@ "roles": { "realm": [ { - "id": "a2350d85-938e-440c-847c-35086fe0f1d8", + "id": "8e986fb5-dafb-43bf-a7c2-7e57572d3d80", "name": "ROLE_ADMIN", "description": "Jhipster administrator role", "composite": false, @@ -48,7 +56,7 @@ "attributes": {} }, { - "id": "932ca70d-a311-42f9-9042-431cef835b9e", + "id": "e1b19afd-f612-4a79-bdf8-26a99b89b10b", "name": "offline_access", "description": "${role_offline-access}", "composite": false, 
@@ -57,7 +65,7 @@ "attributes": {} }, { - "id": "8b1a0e78-24be-49ed-bc74-6471bd8d0f8f", + "id": "ec5705e1-fc1d-4d21-8364-abd3bd4efcd0", "name": "ROLE_USER", "description": "Jhipster user role", "composite": false, @@ -66,7 +74,28 @@ "attributes": {} }, { - "id": "96c0124c-0f00-4769-8cd3-f7dfd74a0af3", + "id": "d2b73e7b-a2d7-40e9-8ebc-2af00454e8aa", + "name": "default-roles-jhipster", + "description": "${role_default-roles}", + "composite": true, + "composites": { + "realm": [ + "offline_access", + "uma_authorization" + ], + "client": { + "account": [ + "view-profile", + "manage-account" + ] + } + }, + "clientRole": false, + "containerId": "jhipster", + "attributes": {} + }, + { + "id": "2eec61d0-9581-4dbf-8c7b-f32dc5fac3ce", "name": "uma_authorization", "description": "${role_uma_authorization}", "composite": false, 
@@ -76,46 +105,28 @@ } ], "client": { - "internal": [ - { - "id": "6ceaaca5-30a4-444b-9078-723b7cc13591", - "name": "uma_protection", - "composite": false, - "clientRole": true, - "containerId": "98ae8603-4547-4218-8fb9-ebc550a0e10b", - "attributes": {} - } - ], + "internal": [], "realm-management": [ { - "id": "2f58d746-0582-47fe-9b67-30809d5ad461", - "name": "query-users", - "description": "${role_query-users}", - "composite": false, - "clientRole": true, - "containerId": "48fb7988-d909-445a-81db-fe825dca0db2", - "attributes": {} - }, - { - "id": "4873b8a8-8035-4b5e-bdd9-99ac74a4a43b", - "name": "query-clients", - "description": "${role_query-clients}", + "id": "a6249a12-d76c-4514-b137-e3018b243e25", + "name": "manage-authorization", + "description": "${role_manage-authorization}", "composite": false, "clientRole": true, - "containerId": "48fb7988-d909-445a-81db-fe825dca0db2", + "containerId": "898488c8-e260-41c5-a463-7ceea14d587a", "attributes": {} }, { - "id": "5aa18f9b-2fb1-4edb-bdde-fb79273eee38", - "name": "view-events", - "description": "${role_view-events}", + "id": "a28bc401-c5ad-4fab-aef4-42629988c10b", + "name": "view-realm", + "description": "${role_view-realm}", "composite": false, "clientRole": true, - "containerId": "48fb7988-d909-445a-81db-fe825dca0db2", + "containerId": "898488c8-e260-41c5-a463-7ceea14d587a", "attributes": {} }, { - "id": "84752518-6f2f-451f-ab59-de3ce6674ba1", + "id": "464bca1f-136f-45de-a7fc-b976a185ce7e", "name": "view-users", "description": "${role_view-users}", "composite": true, 
@@ -128,143 +139,134 @@ } }, "clientRole": true, - "containerId": "48fb7988-d909-445a-81db-fe825dca0db2", - "attributes": {} - }, - { - "id": "c9fb6965-e734-46b4-a174-fa9d1fb7e1cc", - "name": "manage-events", - "description": "${role_manage-events}", - "composite": false, - "clientRole": true, - "containerId": "48fb7988-d909-445a-81db-fe825dca0db2", + "containerId": "898488c8-e260-41c5-a463-7ceea14d587a", "attributes": {} }, { - "id": "42abef51-b33b-4eb3-8515-3c6b16ca3849", - "name": "manage-identity-providers", - "description": "${role_manage-identity-providers}", + "id": "98c2fa77-d3c8-4f68-b9f4-b79f87efd4a9", + "name": "query-users", + "description": "${role_query-users}", "composite": false, "clientRole": true, - "containerId": "48fb7988-d909-445a-81db-fe825dca0db2", + "containerId": "898488c8-e260-41c5-a463-7ceea14d587a", "attributes": {} }, { - "id": "a3f9ba91-6ed5-47ff-a1cc-384c00cc203d", - "name": "impersonation", - "description": "${role_impersonation}", + "id": "6b82bfdb-c8de-4274-95b4-a683eb4ead50", + "name": "view-identity-providers", + "description": "${role_view-identity-providers}", "composite": false, "clientRole": true, - "containerId": "48fb7988-d909-445a-81db-fe825dca0db2", + "containerId": "898488c8-e260-41c5-a463-7ceea14d587a", "attributes": {} }, { - "id": "24493c26-5ea3-4e53-b949-ca27a06ff098", - "name": "manage-users", - "description": "${role_manage-users}", + "id": "3c6b9cfe-80c4-41d5-a5ac-0cadebacfc8d", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", "composite": false, "clientRole": true, - "containerId": "48fb7988-d909-445a-81db-fe825dca0db2", + "containerId": "898488c8-e260-41c5-a463-7ceea14d587a", "attributes": {} }, { - "id": "24ba1589-1141-4836-91bb-ad1b10db4944", - "name": "create-client", - "description": "${role_create-client}", + "id": "23676fb8-235a-4e54-a0d0-9bed1ccbe2f8", + "name": "query-groups", + "description": "${role_query-groups}", "composite": false, "clientRole": true, - 
"containerId": "48fb7988-d909-445a-81db-fe825dca0db2", + "containerId": "898488c8-e260-41c5-a463-7ceea14d587a", "attributes": {} }, { - "id": "38cbec3e-9ca1-4292-a513-09e86fdcf6b1", - "name": "view-identity-providers", - "description": "${role_view-identity-providers}", + "id": "b71fe952-bb06-4e4a-91ef-2d2714f770e1", + "name": "impersonation", + "description": "${role_impersonation}", "composite": false, "clientRole": true, - "containerId": "48fb7988-d909-445a-81db-fe825dca0db2", + "containerId": "898488c8-e260-41c5-a463-7ceea14d587a", "attributes": {} }, { - "id": "2d8a0ec8-111b-41a2-bf49-7f1ae086c5b1", - "name": "manage-realm", - "description": "${role_manage-realm}", + "id": "0813cbd0-c73d-469d-a54d-84a865c302af", + "name": "manage-events", + "description": "${role_manage-events}", "composite": false, "clientRole": true, - "containerId": "48fb7988-d909-445a-81db-fe825dca0db2", + "containerId": "898488c8-e260-41c5-a463-7ceea14d587a", "attributes": {} }, { - "id": "4ee94804-bc06-4d02-8541-410768b88a49", - "name": "manage-authorization", - "description": "${role_manage-authorization}", + "id": "c7a4f4c1-9089-458c-a765-f6d22ea94690", + "name": "view-authorization", + "description": "${role_view-authorization}", "composite": false, "clientRole": true, - "containerId": "48fb7988-d909-445a-81db-fe825dca0db2", + "containerId": "898488c8-e260-41c5-a463-7ceea14d587a", "attributes": {} }, { - "id": "3774414f-db0d-4928-b080-f22599622e97", - "name": "manage-clients", - "description": "${role_manage-clients}", + "id": "2e1bc884-e9d3-45d2-909c-2777a78ca8ae", + "name": "manage-realm", + "description": "${role_manage-realm}", "composite": false, "clientRole": true, - "containerId": "48fb7988-d909-445a-81db-fe825dca0db2", + "containerId": "898488c8-e260-41c5-a463-7ceea14d587a", "attributes": {} }, { - "id": "2a54d26e-7a55-4fc9-92cb-45e613084562", - "name": "view-realm", - "description": "${role_view-realm}", + "id": "0a05451e-7d64-4e87-b585-f1143ce5752e", + "name": 
"query-clients", + "description": "${role_query-clients}", "composite": false, "clientRole": true, - "containerId": "48fb7988-d909-445a-81db-fe825dca0db2", + "containerId": "898488c8-e260-41c5-a463-7ceea14d587a", "attributes": {} }, { - "id": "8fdff21b-f46c-407c-b566-ce4fcc4c51d4", - "name": "view-authorization", - "description": "${role_view-authorization}", + "id": "dfad4d08-6d75-42b6-8699-4886e47bc464", + "name": "view-events", + "description": "${role_view-events}", "composite": false, "clientRole": true, - "containerId": "48fb7988-d909-445a-81db-fe825dca0db2", + "containerId": "898488c8-e260-41c5-a463-7ceea14d587a", "attributes": {} }, { - "id": "083a848a-49cb-457f-9615-120be8c74d9e", + "id": "392ed0a3-f6ad-48a1-b201-648037d2b4bd", "name": "realm-admin", "description": "${role_realm-admin}", "composite": true, "composites": { "client": { "realm-management": [ - "query-users", - "query-clients", - "view-events", + "manage-authorization", + "view-realm", "view-users", - "manage-events", + "query-users", "manage-identity-providers", + "view-identity-providers", + "query-groups", "impersonation", - "manage-users", - "create-client", + "manage-events", + "query-clients", "manage-realm", - "view-identity-providers", - "manage-authorization", - "manage-clients", - "view-realm", "view-authorization", + "view-events", "view-clients", - "query-realms", - "query-groups" + "create-client", + "manage-clients", + "manage-users", + "query-realms" ] } }, "clientRole": true, - "containerId": "48fb7988-d909-445a-81db-fe825dca0db2", + "containerId": "898488c8-e260-41c5-a463-7ceea14d587a", "attributes": {} }, { - "id": "11bc32e5-55a6-431d-b6c7-32bd9504d070", + "id": "d7efdf61-affb-42a1-bcb0-b2c30d87a39e", "name": "view-clients", "description": "${role_view-clients}", "composite": true, 
@@ -276,64 +278,84 @@ } }, "clientRole": true, - "containerId": "48fb7988-d909-445a-81db-fe825dca0db2", + "containerId": "898488c8-e260-41c5-a463-7ceea14d587a", "attributes": {} }, { - "id": "5ea73aac-d0cf-4303-87a4-c9d7f5852734", - "name": "query-realms", - "description": "${role_query-realms}", + "id": "14da8e56-5c8b-4764-96da-250449a32fd4", + "name": "create-client", + "description": "${role_create-client}", "composite": false, "clientRole": true, - "containerId": "48fb7988-d909-445a-81db-fe825dca0db2", + "containerId": "898488c8-e260-41c5-a463-7ceea14d587a", "attributes": {} }, { - "id": "8018bd1e-0b43-4b0c-8e5a-fbf31f8ee6db", - "name": "query-groups", - "description": "${role_query-groups}", + "id": "88e6a9f5-259c-487d-af35-2a98da066816", + "name": "manage-clients", + "description": "${role_manage-clients}", + "composite": false, + "clientRole": true, + "containerId": "898488c8-e260-41c5-a463-7ceea14d587a", + "attributes": {} + }, + { + "id": "932273a7-c02b-43db-81c5-96a0dc45e454", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": false, + "clientRole": true, + "containerId": "898488c8-e260-41c5-a463-7ceea14d587a", + "attributes": {} + }, + { + "id": "e3edf335-cec5-4012-a00d-fcac045052e1", + "name": "query-realms", + "description": "${role_query-realms}", "composite": false, "clientRole": true, - "containerId": "48fb7988-d909-445a-81db-fe825dca0db2", + "containerId": "898488c8-e260-41c5-a463-7ceea14d587a", "attributes": {} } ], + "jhipster-control-center": [], "security-admin-console": [], "web_app": [], - "admin-cli": [],<% if (serviceDiscoveryType === 'eureka') { %> + "admin-cli": [], + "account-console": [],<% if (serviceDiscoveryEureka) { %> "jhipster-registry": [],<% } %> "broker": [ { - "id": "225066d4-4a07-4550-a851-3d9359cbbac2", + "id": "5b08a930-9f1d-4030-ae75-92c1e4c9352c", "name": "read-token", "description": "${role_read-token}", "composite": false, "clientRole": true, - "containerId": 
"274afcdb-7742-4a3a-acc5-17db61a4d200", + "containerId": "88e1225b-f0b9-46ba-8efd-f2c10ce23058", "attributes": {} } ], "account": [ { - "id": "354b3a09-47a6-4051-957c-c6a3ee28a190", + "id": "a88c56b8-6bc9-418a-92bc-7a17e7707f60", "name": "view-profile", "description": "${role_view-profile}", "composite": false, "clientRole": true, - "containerId": "e07da50b-cddc-4524-b630-436a5a6ba8ab", + "containerId": "6cc5a716-0880-47dc-b714-9a4967246b2f", "attributes": {} }, { - "id": "8d650dc2-d0e7-4ad7-8193-3ce1b7361b02", - "name": "manage-account-links", - "description": "${role_manage-account-links}", + "id": "0cb954ab-987f-482a-b2d7-0d481ba1d532", + "name": "view-applications", + "description": "${role_view-applications}", "composite": false, "clientRole": true, - "containerId": "e07da50b-cddc-4524-b630-436a5a6ba8ab", + "containerId": "6cc5a716-0880-47dc-b714-9a4967246b2f", "attributes": {} }, { - "id": "21b65e52-b4e3-453e-b0f0-10a44a4a887d", + "id": "6450156d-7526-48f2-8ea0-bb1e51f9eefa", "name": "manage-account", "description": "${role_manage-account}", "composite": true, 
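Review bot: The template guard changes from `serviceDiscoveryType === 'eureka'` to `serviceDiscoveryEureka` on the `"admin-cli"`/`"account-console"` line of this hunk, and the same rename recurs at the `jhipster-registry` client block later in the file (`},<% if (serviceDiscoveryEureka) { %>`). Inside an EJS `<% %>` tag an undefined name typically raises a ReferenceError at generation time rather than evaluating to false, so if the blueprint's template context (outside this patch) does not derive `serviceDiscoveryEureka` the realm file fails to render for every project, not just Eureka ones. Worth adding an EJS comment at the top of the template naming the minimum JHipster version that provides the variable, e.g. `<%# requires a JHipster context that exposes serviceDiscoveryEureka %>`. The enclosing `roles.client` object starts before this hunk.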
@@ -345,7 +367,50 @@ } }, "clientRole": true, - "containerId": "e07da50b-cddc-4524-b630-436a5a6ba8ab", + "containerId": "6cc5a716-0880-47dc-b714-9a4967246b2f", + "attributes": {} + }, + { + "id": "e5b2ba76-4c36-4ba1-b210-89a1ac3c6bbe", + "name": "view-consent", + "description": "${role_view-consent}", + "composite": false, + "clientRole": true, + "containerId": "6cc5a716-0880-47dc-b714-9a4967246b2f", + "attributes": {} + }, + { + "id": "35537940-67a6-4217-881b-1ff98109b374", + "name": "manage-consent", + "description": "${role_manage-consent}", + "composite": true, + "composites": { + "client": { + "account": [ + "view-consent" + ] + } + }, + "clientRole": true, + "containerId": "6cc5a716-0880-47dc-b714-9a4967246b2f", + "attributes": {} + }, + { + "id": "5ebf404b-7805-4da2-abb4-9db7d3b36120", + "name": "delete-account", + "description": "${role_delete-account}", + "composite": false, + "clientRole": true, + "containerId": "6cc5a716-0880-47dc-b714-9a4967246b2f", + "attributes": {} + }, + { + "id": "a7f45fab-19c3-4c48-aca3-85f828ca0fed", + "name": "manage-account-links", + "description": "${role_manage-account-links}", + "composite": false, + "clientRole": true, + "containerId": "6cc5a716-0880-47dc-b714-9a4967246b2f", "attributes": {} } ] @@ -353,7 +418,7 @@ }, "groups": [ { - "id": "c4255caa-6cf7-40fb-8d5a-1b8799a438b8", + "id": "afb0c768-ab0f-454c-a8ea-bc9e70b50248", "name": "Admins", "path": "/Admins", "attributes": {}, @@ -364,7 +429,7 @@ "subGroups": [] }, { - "id": "ab0947d8-3b91-42a0-81e7-953a3c207316", + "id": "672767bb-4ab0-4d37-93a1-9b6c2416b6b2", "name": "Users", "path": "/Users", "attributes": {}, 
@@ -375,10 +440,14 @@ "subGroups": [] } ], - "defaultRoles": [ - "offline_access", - "uma_authorization" - ], + "defaultRole": { + "id": "d2b73e7b-a2d7-40e9-8ebc-2af00454e8aa", + "name": "default-roles-jhipster", + "description": "${role_default-roles}", + "composite": true, + "clientRole": false, + "containerId": "jhipster" + }, "requiredCredentials": [ "password" ], 
@@ -392,6 +461,48 @@ "FreeOTP", "Google Authenticator" ], + "webAuthnPolicyRpEntityName": "keycloak", + "webAuthnPolicySignatureAlgorithms": [ + "ES256" + ], + "webAuthnPolicyRpId": "", + "webAuthnPolicyAttestationConveyancePreference": "not specified", + "webAuthnPolicyAuthenticatorAttachment": "not specified", + "webAuthnPolicyRequireResidentKey": "not specified", + "webAuthnPolicyUserVerificationRequirement": "not specified", + "webAuthnPolicyCreateTimeout": 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyAcceptableAaguids": [], + "webAuthnPolicyPasswordlessRpEntityName": "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms": [ + "ES256" + ], + "webAuthnPolicyPasswordlessRpId": "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", + "webAuthnPolicyPasswordlessCreateTimeout": 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyPasswordlessAcceptableAaguids": [], + "users": [ + { + "id": "f742ba6f-1d8a-4dec-bf15-e02dab508283", + "createdTimestamp": 1598681172054, + "username": "service-account-internal", + "enabled": true, + "totp": false, + "emailVerified": false, + "serviceAccountClientId": "internal", + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "default-roles-jhipster" + ], + "notBefore": 0, + "groups": [] + } + ], "scopeMappings": [ { "clientScope": "offline_access", 
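Review bot: The new `users` array in this hunk defines only the `service-account-internal` service account, yet the subject of PATCH 1/5 justifies deleting `jhipster-users-0.json` on the grounds that the users are included in the realm definition. Unless a later patch in the series adds them, the generated realm has no interactive `admin`/`user` accounts; if dropping them is intentional, the PATCH 1/5 message should say so rather than imply they moved here. The service account is also granted `default-roles-jhipster`, which the role defined earlier in this file makes composite over `offline_access`, `uma_authorization` and the `account` client's `view-profile`/`manage-account`; confirm that footprint is wanted for a machine identity.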
@@ -400,22 +511,30 @@ ] } ], + "clientScopeMappings": { + "account": [ + { + "client": "account-console", + "roles": [ + "manage-account" + ] + } + ] + }, "clients": [ { - "id": "e07da50b-cddc-4524-b630-436a5a6ba8ab", + "id": "6cc5a716-0880-47dc-b714-9a4967246b2f", "clientId": "account", "name": "${client_account}", - "baseUrl": "/auth/realms/jhipster/account", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/jhipster/account/", "surrogateAuthRequired": false, "enabled": true, + "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "**********", - "defaultRoles": [ - "manage-account", - "view-profile" - ], "redirectUris": [ - "/auth/realms/jhipster/account/*" + "/realms/jhipster/account/*" ], "webOrigins": [], "notBefore": 0, @@ -428,13 +547,14 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", - "role_list", "roles", "profile", "email" 
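Review bot: The `account` client's `baseUrl` and `redirectUris` drop the `/auth` prefix (`/realms/jhipster/account/`, `/realms/jhipster/account/*`) and `rootUrl` becomes `${authBaseUrl}`; the same prefix change appears for `security-admin-console` later in the file (`/admin/jhipster/console/`). These paths only resolve on a Keycloak distribution that serves realms at the root, so the Keycloak image referenced by the generated docker compose file, which is not part of this patch, presumably has to be bumped in step, otherwise the account and admin console redirects fail after import. Suggest an EJS comment above `"clients"` such as `<%# paths assume a Keycloak distribution without the /auth context root %>` and a line in the commit message naming the Keycloak version this realm export was taken from.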
@@ -442,15 +562,72 @@ "optionalClientScopes": [ "address", "phone", - "offline_access" + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "fb0a4870-06db-4f9d-9d44-baf51a00cc34", + "clientId": "account-console", + "name": "${client_account-console}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/jhipster/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "**********", + "redirectUris": [ + "/realms/jhipster/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+", + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "c5c4ebe5-d009-4f96-b143-1b36d770eafb", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + } + ], + "defaultClientScopes": [ + "web-origins", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" ] }, { - "id": "5a9610bf-6a47-46a1-9442-9e43eacd98e8", + "id": "bb166356-838d-445e-94e3-9330ad7ab51b", "clientId": "admin-cli", "name": "${client_admin-cli}", "surrogateAuthRequired": false, "enabled": true, + "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "**********", "redirectUris": [], 
@@ -465,13 +642,14 @@ "publicClient": true, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", - "role_list", "roles", "profile", "email" @@ -479,15 +657,17 @@ "optionalClientScopes": [ "address", "phone", - "offline_access" + "offline_access", + "microprofile-jwt" ] }, { - "id": "274afcdb-7742-4a3a-acc5-17db61a4d200", + "id": "88e1225b-f0b9-46ba-8efd-f2c10ce23058", "clientId": "broker", "name": "${client_broker}", "surrogateAuthRequired": false, "enabled": true, + "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "**********", "redirectUris": [], @@ -502,13 +682,14 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ "web-origins", - "role_list", "roles", "profile", "email" @@ -516,14 +697,16 @@ "optionalClientScopes": [ "address", "phone", - "offline_access" + "offline_access", + "microprofile-jwt" ] }, { - "id": "98ae8603-4547-4218-8fb9-ebc550a0e10b", + "id": "10e6ea34-9f1e-49ef-8e28-7eb851459694", "clientId": "internal", "surrogateAuthRequired": false, "enabled": true, + "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "internal", "redirectUris": [], @@ -535,7 +718,6 @@ "implicitFlowEnabled": false, "directAccessGrantsEnabled": false, "serviceAccountsEnabled": true, - "authorizationServicesEnabled": true, "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", 
@@ -544,6 +726,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "saml.server.signature": "false", "saml.server.signature.keyinfo.ext": "false", "exclude.session.state.from.auth.response": "false", @@ -559,7 +742,7 @@ "nodeReRegistrationTimeout": -1, "protocolMappers": [ { - "id": "46513189-074c-4ba5-bfa7-29bae63faaaf", + "id": "ff2f50b4-5409-4789-bdda-fe731f14fbff", "name": "Client IP Address", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", @@ -574,7 +757,7 @@ } }, { - "id": "974887a2-e14a-4afd-84fc-a848009079ae", + "id": "72f9ae74-9e95-4b7b-a709-5086137410bb", "name": "Client ID", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", @@ -589,7 +772,7 @@ } }, { - "id": "1b1a1f44-66df-4670-badb-46a3d361ec7c", + "id": "029bf6c8-5a19-4798-984c-bdb205d752d5", "name": "Client Host", "protocol": "openid-connect", "protocolMapper": "oidc-usersessionmodel-note-mapper", @@ -606,7 +789,6 @@ ], "defaultClientScopes": [ "web-origins", - "role_list", "roles", "profile", "email" 
@@ -614,74 +796,36 @@ "optionalClientScopes": [ "address", "phone", - "offline_access" - ], - "authorizationSettings": { - "allowRemoteResourceManagement": false, - "policyEnforcementMode": "ENFORCING", - "resources": [ - { - "name": "Default Resource", - "type": "urn:internal:resources:default", - "ownerManagedAccess": false, - "attributes": {}, - "_id": "9e347a4d-ab6b-4075-9d24-23d20dfd30bc", - "uris": [ - "/*" - ] - } - ], - "policies": [ - { - "id": "ff09b194-0615-4cfd-9851-74adf540dabd", - "name": "Default Policy", - "description": "A policy that grants access only for users within this realm", - "type": "js", - "logic": "POSITIVE", - "decisionStrategy": "AFFIRMATIVE", - "config": { - "code": "// by default, grants any permission associated with this policy\n$evaluation.grant();\n" - } - }, - { - "id": "4b5c72cc-b8b8-4bfc-95ac-61815669f985", - "name": "Default Permission", - "description": "A permission that applies to the default resource type", - "type": "resource", - "logic": "POSITIVE", - "decisionStrategy": "UNANIMOUS", - "config": { - "defaultResourceType": "urn:internal:resources:default", - "applyPolicies": "[\"Default Policy\"]" - } - } - ], - "scopes": [] - } - },<% if (serviceDiscoveryType === 'eureka') { %> + "offline_access", + "microprofile-jwt" + ] + }, { - "id": "dfaed4f5-716b-4f9c-a81e-e87f5f0db795", - "clientId": "jhipster-registry", - "rootUrl": "http://localhost:8761", - "adminUrl": "http://localhost:8761", + "id": "1acf7ad0-68cb-46a6-a3e4-8b2f2abecb85", + "clientId": "jhipster-control-center", + "rootUrl": "http://localhost:7419", + "adminUrl": "http://localhost:7419", "surrogateAuthRequired": false, "enabled": true, + "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "jhipster-registry", + "secret": "jhipster-control-center", "redirectUris": [ - "http://127.0.0.1:8761/*", - "http://localhost:8761/*" + "dev.localhost.ionic:*", + "http://127.0.0.1:*", + "http://localhost:*", + "https://127.0.0.1:*", + 
"https://localhost:*" ], "webOrigins": [ - "http://127.0.0.1:8761/*", - "http://localhost:8761" + "*" ], "notBefore": 0, "bearerOnly": false, "consentRequired": false, "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, + "implicitFlowEnabled": true, + "directAccessGrantsEnabled": false, "serviceAccountsEnabled": false, "publicClient": true, "frontchannelLogout": false, @@ -691,6 +835,7 @@ "saml.force.post.binding": "false", "saml.multivalued.roles": "false", "saml.encrypt": "false", + "post.logout.redirect.uris": "+", "saml.server.signature": "false", "saml.server.signature.keyinfo.ext": "false", "exclude.session.state.from.auth.response": "false", @@ -707,7 +852,6 @@ "defaultClientScopes": [ "web-origins", "jhipster", - "role_list", "roles", "profile", "email" 
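Review bot: The new `jhipster-control-center` client in this hunk is a `publicClient` with `"implicitFlowEnabled": true`, `"webOrigins": ["*"]` and wildcard-port redirect URIs, whereas the other public browser clients in this file (`account-console`, `security-admin-console`) use the authorization code flow with `"pkce.code.challenge.method": "S256"` in `attributes`. The implicit grant places tokens in the URL fragment, where they are exposed to browser history, referrer leakage and any script on the page, and the OAuth 2.0 Security Best Current Practice advises against it; `*` web origins additionally removes any origin restriction on CORS token use. Unless the control center genuinely requires implicit flow, set `"implicitFlowEnabled": false,` and add `"pkce.code.challenge.method": "S256"` to this client's `attributes`, and consider `"+"` for `webOrigins` as `security-admin-console` uses, checking that it resolves against the wildcard-port redirect URIs. The client definition continues past the end of this hunk.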
@@ -715,17 +859,80 @@ "optionalClientScopes": [ "address", "phone", - "offline_access" + "offline_access", + "microprofile-jwt" ] - },<% } %> + },<% if (serviceDiscoveryEureka) { %> { - "id": "48fb7988-d909-445a-81db-fe825dca0db2", - "clientId": "realm-management", - "name": "${client_realm-management}", + "id": "9057870f-8775-448d-a194-1d4e122f44d5", + "clientId": "jhipster-registry", + "rootUrl": "http://localhost:8761", + "adminUrl": "http://localhost:8761", "surrogateAuthRequired": false, "enabled": true, + "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "**********", + "secret": "jhipster-registry", + "redirectUris": [ + "http://127.0.0.1:8761/*", + "http://localhost:8761/*" + ], + "webOrigins": [ + "http://127.0.0.1:8761", + "http://localhost:8761" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "saml.assertion.signature": "false", + "saml.force.post.binding": "false", + "saml.multivalued.roles": "false", + "saml.encrypt": "false", + "post.logout.redirect.uris": "+", + "saml.server.signature": "false", + "saml.server.signature.keyinfo.ext": "false", + "exclude.session.state.from.auth.response": "false", + "saml_force_name_id_format": "false", + "saml.client.signature": "false", + "tls.client.certificate.bound.access.tokens": "false", + "saml.authnstatement": "false", + "display.on.consent.screen": "false", + "saml.onetimeuse.condition": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [ + "web-origins", + "jhipster", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + },<% } %> 
+ { + "id": "898488c8-e260-41c5-a463-7ceea14d587a", + "clientId": "realm-management", + "name": "${client_realm-management}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "secret": "**********", "redirectUris": [], "webOrigins": [], "notBefore": 0, @@ -738,34 +945,42 @@ "publicClient": false, "frontchannelLogout": false, "protocol": "openid-connect", - "attributes": {}, + "attributes": { + "post.logout.redirect.uris": "+" + }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": false, "nodeReRegistrationTimeout": 0, "defaultClientScopes": [ - "role_list", + "web-origins", + "roles", "profile", "email" ], "optionalClientScopes": [ "address", "phone", - "offline_access" + "offline_access", + "microprofile-jwt" ] }, { - "id": "0aa176c1-8d28-4a8b-8e97-7e4b49a289ff", + "id": "989d2b96-b820-4f9b-aa17-55e6488b08c8", "clientId": "security-admin-console", "name": "${client_security-admin-console}", - "baseUrl": "/auth/admin/jhipster/console/index.html", + "rootUrl": "${authAdminUrl}", + "baseUrl": "/admin/jhipster/console/", "surrogateAuthRequired": false, "enabled": true, + "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", "secret": "**********", "redirectUris": [ - "/auth/admin/jhipster/console/*" + "/admin/jhipster/console/*" + ], + "webOrigins": [ + "+" ], - "webOrigins": [], "notBefore": 0, "bearerOnly": false, "consentRequired": false, 
@@ -776,13 +991,16 @@
 "publicClient": true,
 "frontchannelLogout": false,
 "protocol": "openid-connect",
-"attributes": {},
+"attributes": {
+"post.logout.redirect.uris": "+",
+"pkce.code.challenge.method": "S256"
+},
 "authenticationFlowBindingOverrides": {},
 "fullScopeAllowed": false,
 "nodeReRegistrationTimeout": 0,
 "protocolMappers": [
 {
-"id": "abfaa4cd-4bc1-4223-be5d-c56c641369f2",
+"id": "5fd34289-c644-411a-874c-849475d9d102",
 "name": "locale",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-usermodel-attribute-mapper",
@@ -799,7 +1017,6 @@
 ],
 "defaultClientScopes": [
 "web-origins",
-"role_list",
 "roles",
 "profile",
 "email"
@@ -807,26 +1024,31 @@
 "optionalClientScopes": [
 "address",
 "phone",
-"offline_access"
+"offline_access",
+"microprofile-jwt"
 ]
 },
 {
-"id": "1eabef67-6473-4ba8-b07c-14bdbae4aaed",
+"id": "6e8deddb-b4d6-4e2e-b389-b397d3f74fcd",
 "clientId": "web_app",
 "rootUrl": "http://localhost:<%= serverPort %>",
 "adminUrl": "http://localhost:<%= serverPort %>",
 "surrogateAuthRequired": false,
 "enabled": true,
+"alwaysDisplayInConsole": false,
 "clientAuthenticatorType": "client-secret",
 "secret": "web_app",
 "redirectUris": [
-"http://localhost:*",
-"https://localhost:*",
+"dev.localhost.ionic:*",
 "http://127.0.0.1:*",
+"http://localhost:*",
 "https://127.0.0.1:*",
-"dev.localhost.ionic:*"
+"https://localhost:*",
+"https://oauth.pstmn.io/v1/callback"
+],
+"webOrigins": [
+"*"
 ],
-"webOrigins": ["*"],
 "notBefore": 0,
 "bearerOnly": false,
 "consentRequired": false,
@@ -842,6 +1064,7 @@
 "saml.force.post.binding": "false",
 "saml.multivalued.roles": "false",
 "saml.encrypt": "false",
+"post.logout.redirect.uris": "+",
 "saml.server.signature": "false",
 "saml.server.signature.keyinfo.ext": "false",
 "exclude.session.state.from.auth.response": "false",
@@ -858,7 +1081,6 @@
 "defaultClientScopes": [
 "web-origins",
 "jhipster",
-"role_list",
 "roles",
 "profile",
 "email"
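Review bot: The `web_app` client's `redirectUris` in the `@@ -807,26 +1024,31 @@` hunk now include `"https://oauth.pstmn.io/v1/callback"`, a third-party hosted callback that every generated realm will accept as a destination for this client's authorization codes. Together with the unchanged `"webOrigins": ["*"]` and the literal `"secret": "web_app"`, this widens a template that is presumably intended for local development only. Suggest removing that entry, or gating it behind an EJS condition the way the `jhipster-registry` client is gated with `<% if (serviceDiscoveryEureka) { %>` earlier in this diff, using whatever dev-only flag the generator already exposes. The wildcard-port `http://localhost:*` and `http://127.0.0.1:*` entries are pre-existing and are the same pattern used for the registry client.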
@@ -866,7 +1088,8 @@
 "optionalClientScopes": [
 "address",
 "phone",
-"offline_access"
+"offline_access",
+"microprofile-jwt"
 ]
 },
 {
@@ -914,17 +1137,18 @@
 ],
 "clientScopes": [
 {
-"id": "1dc1e050-891a-4f5b-ac9d-5ea0c2e3c05e",
+"id": "52d73c82-423c-44a8-b2ec-1e13f4cd6065",
 "name": "address",
 "description": "OpenID Connect built-in scope: address",
 "protocol": "openid-connect",
 "attributes": {
-"consent.screen.text": "${addressScopeConsentText}",
-"display.on.consent.screen": "true"
+"include.in.token.scope": "true",
+"display.on.consent.screen": "true",
+"consent.screen.text": "${addressScopeConsentText}"
 },
 "protocolMappers": [
 {
-"id": "b9a92105-8ca5-45d1-8a99-626255ac174f",
+"id": "98230752-36b9-4755-8661-a7de1926d0d4",
 "name": "address",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-address-mapper",
@@ -944,100 +1168,150 @@ ] }, { - "id": "39e1693b-a924-4fbb-b98c-520869771f83", + "id": "44d24405-87bf-4b37-a627-e3fdabb93f50", "name": "email", "description": "OpenID Connect built-in scope: email", "protocol": "openid-connect", "attributes": { - "consent.screen.text": "${emailScopeConsentText}", - "display.on.consent.screen": "true" + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${emailScopeConsentText}" }, "protocolMappers": [ { - "id": "76f898bc-70e4-4e0a-a259-ae4cb58260f9", - "name": "email verified", + "id": "36800088-6d17-4c18-93e8-2bc93901d8b7", + "name": "email", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "emailVerified", + "user.attribute": "email", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" + "claim.name": "email", + "jsonType.label": "String" } }, { - "id": "e348c7f8-e835-4539-a80b-b588510a82a9", - "name": "email", + "id": "3ea34afd-30b5-4e5d-a836-dbda439dce6f", + "name": "email verified", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "email", + "user.attribute": "emailVerified", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" + "claim.name": "email_verified", + "jsonType.label": "boolean" } } ] }, { - "id": "3880d5d9-fced-4446-97fe-0434f2bb76ea", + "id": "9816de82-24b7-42fe-a85a-1264868ec293", "name": "jhipster", "description": "Jhipster specific claims", "protocol": "openid-connect", "attributes": { + "include.in.token.scope": "false", "display.on.consent.screen": "false" }, "protocolMappers": [ { - "id": "e7c536ca-1711-4ed5-9f21-20a25435f475", + "id": "0f9c9347-aad6-4bff-94f4-e11937f2ad33", + "name": "langKey", 
+ "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "langKey", + "id.token.claim": "false", + "access.token.claim": "false", + "claim.name": "langKey", + "jsonType.label": "String" + } + }, + { + "id": "69729907-8d1c-4961-81c0-91766f548cc9", + "name": "roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "multivalued": "true", + "userinfo.token.claim": "true", + "id.token.claim": "false", + "access.token.claim": "true", + "claim.name": "roles", + "jsonType.label": "String" + } + }, + { + "id": "336acfe2-a717-492a-9055-5b70e808f42f", "name": "login", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { + "userinfo.token.claim": "true", "user.attribute": "preferred_username", + "id.token.claim": "false", + "access.token.claim": "false", "claim.name": "login", - "jsonType.label": "String", - "userinfo.token.claim": "true" + "jsonType.label": "String" } - }, + } + ] + }, + { + "id": "87d299f2-434f-4abd-8cb0-a16231acd713", + "name": "microprofile-jwt", + "description": "Microprofile - JWT built-in scope", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ { - "id": "646e3a98-5f0c-4192-91f0-9719c295b278", - "name": "langKey", + "id": "fce09d51-cb85-4ccd-b83d-865a4d4bf650", + "name": "groups", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usermodel-realm-role-mapper", "consentRequired": false, "config": { - "user.attribute": "langKey", - "claim.name": "langKey", - "jsonType.label": "String", - "userinfo.token.claim": "true" + "multivalued": "true", + "userinfo.token.claim": "true", + "user.attribute": "foo", + "id.token.claim": 
"true", + "access.token.claim": "true", + "claim.name": "groups", + "jsonType.label": "String" } }, { - "id": "70b3e85f-e7b4-4c30-9d10-e0b589776951", - "name": "roles", + "id": "3d1ee7e2-b7e1-4504-bd52-b47a2cb10eec", + "name": "upn", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", + "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "roles", - "jsonType.label": "String", - "multivalued": "true", - "userinfo.token.claim": "true" + "claim.name": "upn", + "jsonType.label": "String" } } ] }, { - "id": "5253d2be-3116-4510-ac05-99619ce2494c", + "id": "0399b625-22d7-4d68-b4db-fd1dc2effacc", "name": "offline_access", "description": "OpenID Connect built-in scope: offline_access", "protocol": "openid-connect", @@ -1047,17 +1321,18 @@ } }, { - "id": "0d3b55db-e68b-4c83-91d4-7370a6810a24", + "id": "2b867b2d-3373-43ff-b50f-ea37a5e1c390", "name": "phone", "description": "OpenID Connect built-in scope: phone", "protocol": "openid-connect", "attributes": { - "consent.screen.text": "${phoneScopeConsentText}", - "display.on.consent.screen": "true" + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${phoneScopeConsentText}" }, "protocolMappers": [ { - "id": "bbc582f4-4749-42b8-9c65-71f4edfd3979", + "id": "daa0191b-20d1-4f71-b191-6c48a37e3677", "name": "phone number", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", @@ -1072,7 +1347,7 @@ } }, { - "id": "74840763-9b35-4c9a-8789-4008fedc26c2", + "id": "32213de7-12f7-4864-b696-c8e6c5e0c26e", "name": "phone number verified", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", 
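Review bot: In the `microprofile-jwt` scope added by the `@@ -944,100 +1168,150 @@` hunk, the `groups` mapper is an `oidc-usermodel-realm-role-mapper` configured with `"user.attribute": "foo"`; this looks like a placeholder carried over from a Keycloak export rather than a deliberate value, and as far as I can tell the realm-role mapper does not read it. The same scope also emits the username as `upn` into the ID token, access token and userinfo, and it is listed under `defaultOptionalClientScopes` later in this diff, so any client in the realm may request it. Worth a template comment next to the scope, e.g. `<%# microprofile-jwt: Keycloak built-in scope; "groups" carries realm roles, "upn" carries the username %>`, or dropping the scope if no generated service consumes MP-JWT claims.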
@@ -1089,47 +1364,48 @@ ] }, { - "id": "d5de6a8a-8894-4e72-b6ef-f9bf3a7a6541", + "id": "60a44832-9776-449f-94cd-fa8c24a75f35", "name": "profile", "description": "OpenID Connect built-in scope: profile", "protocol": "openid-connect", "attributes": { - "consent.screen.text": "${profileScopeConsentText}", - "display.on.consent.screen": "true" + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${profileScopeConsentText}" }, "protocolMappers": [ { - "id": "ecb34ff7-d27d-4696-b536-0512044b21a9", - "name": "website", + "id": "a59584ab-7a7c-4b23-95b5-be8dbbfadc6f", + "name": "family name", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "website", + "user.attribute": "lastName", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "website", + "claim.name": "family_name", "jsonType.label": "String" } }, { - "id": "f3cf3c8b-891a-48a1-97b3-1d10d55ddecd", - "name": "locale", + "id": "d382c1dc-d5d8-479e-8809-f0a618113a07", + "name": "website", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "locale", + "user.attribute": "website", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "locale", + "claim.name": "website", "jsonType.label": "String" } }, { - "id": "fa3b86c8-abaf-4261-b48d-41cd3cf2dc6a", + "id": "559f86c1-1187-498d-8354-723f4ea5721c", "name": "full name", "protocol": "openid-connect", "protocolMapper": "oidc-full-name-mapper", 
@@ -1141,82 +1417,82 @@ } }, { - "id": "219532f1-3c5c-4b30-a018-ae99adb6fc87", - "name": "birthdate", + "id": "0925e106-a8e2-4ad1-b75e-4147d185894a", + "name": "updated at", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "birthdate", + "user.attribute": "updatedAt", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "birthdate", + "claim.name": "updated_at", "jsonType.label": "String" } }, { - "id": "c443f4cd-1174-49a7-a2b3-65d5ccde5efa", - "name": "nickname", + "id": "eb8e2c73-5c65-4b53-8d55-46edef61315b", + "name": "locale", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "nickname", + "user.attribute": "locale", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "nickname", + "claim.name": "locale", "jsonType.label": "String" } }, { - "id": "14631b9c-83eb-48ab-a224-29f047015e52", - "name": "username", + "id": "4c109376-01bc-4b69-a3c0-4b830ecad674", + "name": "middle name", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "username", + "user.attribute": "middleName", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "preferred_username", + "claim.name": "middle_name", "jsonType.label": "String" } }, { - "id": "cedd1f1b-951a-4332-9fa1-2edf1a266283", - "name": "middle name", + "id": "b3813956-e556-4b57-a06b-f71b0d6f3d47", + "name": "nickname", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "middleName", + "user.attribute": "nickname", "id.token.claim": 
"true", "access.token.claim": "true", - "claim.name": "middle_name", + "claim.name": "nickname", "jsonType.label": "String" } }, { - "id": "5a33d5e4-e124-412e-be4d-b6b28b41382a", - "name": "family name", + "id": "28beb4c0-029b-4aa5-ad5f-6d824ca67e15", + "name": "username", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "lastName", + "user.attribute": "username", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "family_name", + "claim.name": "preferred_username", "jsonType.label": "String" } }, { - "id": "c4122959-6738-4883-b50a-acd0033a477a", + "id": "53d681bc-ec29-4f57-924b-ff5bd22d4093", "name": "profile", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", 
@@ -1231,84 +1507,84 @@ } }, { - "id": "d7db1b88-2c3c-419a-91cf-19ad13355a56", - "name": "zoneinfo", + "id": "12ba8e12-157d-4729-918b-0d74fa444fba", + "name": "picture", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", + "user.attribute": "picture", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "zoneinfo", + "claim.name": "picture", "jsonType.label": "String" } }, { - "id": "dfd19868-5c87-4a51-80e0-2a82dfabb16c", - "name": "updated at", + "id": "ddb818fe-8e4a-4b26-9c5d-2467a26af6dc", + "name": "gender", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "updatedAt", + "user.attribute": "gender", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "updated_at", + "claim.name": "gender", "jsonType.label": "String" } }, { - "id": "19551b04-fc0c-44c4-b2bf-966da87ba3c3", - "name": "given name", + "id": "f78b1746-2be1-45f4-9c1e-1f6141ccdb65", + "name": "birthdate", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", + "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "firstName", + "user.attribute": "birthdate", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "given_name", + "claim.name": "birthdate", "jsonType.label": "String" } }, { - "id": "c422b63f-e809-41c2-854c-e801e8e25485", - "name": "gender", + "id": "7723245c-4952-4822-86ae-084048b1f2f2", + "name": "given name", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", + "protocolMapper": "oidc-usermodel-property-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "gender", + "user.attribute": 
"firstName", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "gender", + "claim.name": "given_name", "jsonType.label": "String" } }, { - "id": "2ccf435c-c255-4715-8dcd-15091f97c5a5", - "name": "picture", + "id": "b192fe9f-aa82-4d7d-b8c7-eb7d1ba888d4", + "name": "zoneinfo", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-attribute-mapper", "consentRequired": false, "config": { "userinfo.token.claim": "true", - "user.attribute": "picture", + "user.attribute": "zoneinfo", "id.token.claim": "true", "access.token.claim": "true", - "claim.name": "picture", + "claim.name": "zoneinfo", "jsonType.label": "String" } } ] }, { - "id": "391f1641-cb22-41a3-a0ed-752d9264aaf5", + "id": "d181691e-b4a6-4063-9eba-6b984402a9a7", "name": "role_list", "description": "SAML role list", "protocol": "saml", @@ -1318,7 +1594,7 @@ }, "protocolMappers": [ { - "id": "7cbb4477-af0c-4394-a754-b72a1b4638e0", + "id": "724b16d4-8a9b-42d8-850f-99ca1ab3c958", "name": "role list", "protocol": "saml", "protocolMapper": "saml-role-list-mapper", @@ -1332,7 +1608,7 @@ ] }, { - "id": "021d9ac1-9650-401c-b2a2-efa2f3e6b70c", + "id": "915fcb95-81da-4e4c-86ee-73f3b52c83e9", "name": "roles", "description": "OpenID Connect scope for add user roles to the access token", "protocol": "openid-connect", 
@@ -1343,45 +1619,45 @@ }, "protocolMappers": [ { - "id": "bbbd7dc1-63d0-468f-9463-4772833ef2fa", - "name": "client roles", + "id": "12f0b32d-8911-4028-809b-fc1c0e5e9207", + "name": "audience resolve", "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", + "protocolMapper": "oidc-audience-resolve-mapper", "consentRequired": false, - "config": { - "multivalued": "true", - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "jsonType.label": "String" - } + "config": {} }, { - "id": "9271d821-b803-406d-8574-2f5a2693f065", + "id": "5b997b66-937f-46d3-9e8b-70dca949f682", "name": "realm roles", "protocol": "openid-connect", "protocolMapper": "oidc-usermodel-realm-role-mapper", "consentRequired": false, "config": { - "multivalued": "true", "user.attribute": "foo", "access.token.claim": "true", "claim.name": "realm_access.roles", - "jsonType.label": "String" + "jsonType.label": "String", + "multivalued": "true" } }, { - "id": "90b1a715-e12e-4af8-89f6-82a370d57d1a", - "name": "audience resolve", + "id": "cdcd6969-a9aa-4de5-adbe-dc83da4184c5", + "name": "client roles", "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", + "protocolMapper": "oidc-usermodel-client-role-mapper", "consentRequired": false, - "config": {} + "config": { + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "resource_access.${client_id}.roles", + "jsonType.label": "String", + "multivalued": "true" + } } ] }, { - "id": "84fdcb72-668b-408e-aaea-110d594afe5e", + "id": "2daaac74-636f-4074-87a9-d1aba9dffb96", "name": "web-origins", "description": "OpenID Connect scope for add allowed web origins to the access token", "protocol": "openid-connect", 
@@ -1392,7 +1668,7 @@
 },
 "protocolMappers": [
 {
-"id": "134b3451-cf2d-4ead-8fce-bf24b32f014c",
+"id": "752e035f-038d-46ac-b65d-91f863fdd986",
 "name": "allowed web origins",
 "protocol": "openid-connect",
 "protocolMapper": "oidc-allowed-origins-mapper",
@@ -1403,24 +1679,25 @@
 }
 ],
 "defaultDefaultClientScopes": [
-"roles",
-"role_list",
-"email",
 "web-origins",
-"profile"
+"email",
+"profile",
+"roles",
+"role_list"
 ],
 "defaultOptionalClientScopes": [
+"offline_access",
 "phone",
 "address",
-"offline_access"
+"microprofile-jwt"
 ],
 "browserSecurityHeaders": {
 "contentSecurityPolicyReportOnly": "",
 "xContentTypeOptions": "nosniff",
 "xRobotsTag": "none",
 "xFrameOptions": "SAMEORIGIN",
-"xXSSProtection": "1; mode=block",
 "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
+"xXSSProtection": "1; mode=block",
 "strictTransportSecurity": "max-age=31536000; includeSubDomains"
 },
 "smtpServer": {},
@@ -1431,76 +1708,43 @@ "enabledEventTypes": [], "adminEventsEnabled": false, "adminEventsDetailsEnabled": false, + "identityProviders": [], + "identityProviderMappers": [], "components": { "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ { - "id": "96bb5289-e057-4a3d-a273-89372bbc8cc0", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "5782d02c-2ba5-47d1-9732-dfaaf0e5cfdf", + "id": "827fde01-dc1b-4c1f-a529-9ef833ca3432", "name": "Allowed Protocol Mapper Types", "providerId": "allowed-protocol-mappers", "subType": "authenticated", "subComponents": {}, "config": { "allowed-protocol-mapper-types": [ - "oidc-full-name-mapper", - "saml-user-property-mapper", - "oidc-usermodel-attribute-mapper", + "oidc-usermodel-property-mapper", + "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", + "saml-user-property-mapper", "oidc-address-mapper", + "oidc-full-name-mapper", "saml-role-list-mapper", - "oidc-usermodel-property-mapper", - "oidc-sha256-pairwise-sub-mapper" + "oidc-usermodel-attribute-mapper" ] } }, { - "id": "c8d395e2-dd81-4118-b838-7095be5cc1c8", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", + "id": "0a429e7e-be7a-46b4-b42a-d1f8b265ff16", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", "subComponents": {}, "config": { - "allowed-protocol-mapper-types": [ - "oidc-address-mapper", - "oidc-full-name-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-usermodel-property-mapper", - "saml-user-attribute-mapper", - "saml-user-property-mapper", - "oidc-sha256-pairwise-sub-mapper", - "saml-role-list-mapper" + "allow-default-scopes": [ + "true" ] } }, { - "id": "1175c6f8-2d58-437f-bb21-4660c8c1a62c", - "name": "Full Scope Disabled", - "providerId": 
"scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "4bd2778a-908f-4ac3-873f-61e674eecc2f", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "65809493-b60f-4b44-b1dc-28a22772c321", + "id": "5a1ff0b4-250f-48ee-8169-abff30cf7534", "name": "Allowed Client Scopes", "providerId": "allowed-client-templates", "subType": "anonymous", @@ -1512,7 +1756,15 @@ } }, { - "id": "950acf43-614d-47a3-a7c9-d5072433c4b8", + "id": "c79f6629-84a9-467c-81d0-63e20b19f916", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "b6b23ef8-96e8-4e2e-8efe-8003057a8d42", "name": "Max Clients Limit", "providerId": "max-clients", "subType": "anonymous", @@ -1524,7 +1776,7 @@ } }, { - "id": "e2a65f9f-5ad8-4634-ab3a-810409a3e067", + "id": "36dfaa02-0252-4448-9cdf-a17abf239f78", "name": "Trusted Hosts", "providerId": "trusted-hosts", "subType": "anonymous", 
@@ -1537,13 +1789,48 @@ "true" ] } + }, + { + "id": "8216421d-34fb-4726-8331-137217657bdb", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-address-mapper", + "oidc-usermodel-attribute-mapper", + "saml-user-property-mapper", + "saml-user-attribute-mapper", + "saml-role-list-mapper", + "oidc-full-name-mapper", + "oidc-usermodel-property-mapper", + "oidc-sha256-pairwise-sub-mapper" + ] + } + }, + { + "id": "d045f3f9-15e6-4e69-a419-0e7ff8a635ef", + "name": "Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + } + ], + "org.keycloak.userprofile.UserProfileProvider": [ + { + "id": "b05ccf0d-d8ac-4695-bd60-37018f8f94b4", + "providerId": "declarative-user-profile", + "subComponents": {}, + "config": {} } ], "org.keycloak.keys.KeyProvider": [ { - "id": "8ab3be1d-3e01-4eb6-8ff2-d116b02ffc48", - "name": "aes-generated", - "providerId": "aes-generated", + "id": "62707fae-58f9-4fc2-89fb-0c5d212dc3dc", + "name": "rsa-generated", + "providerId": "rsa-generated", "subComponents": {}, "config": { "priority": [ @@ -1552,20 +1839,23 @@ } }, { - "id": "2a3661d8-3594-4872-881a-9f2d394b675d", - "name": "rsa-generated", - "providerId": "rsa-generated", + "id": "4a8480bc-96fd-4906-a907-f948a73bab38", + "name": "hmac-generated", + "providerId": "hmac-generated", "subComponents": {}, "config": { "priority": [ "100" + ], + "algorithm": [ + "HS256" ] } }, { - "id": "1d291cea-3d41-41cb-9ab6-ef1513fe3fe8", - "name": "hmac-generated", - "providerId": "hmac-generated", + "id": "40c01a32-0c0b-4dbb-9595-e5a5c8d26bc4", + "name": "aes-generated", + "providerId": "aes-generated", "subComponents": {}, "config": { "priority": [ 
@@ -1579,7 +1869,145 @@ "supportedLocales": [], "authenticationFlows": [ { - "id": "1f5693dd-ab41-4743-9881-5502303877ad", + "id": "491fbbc9-b70b-45bd-8243-2039ae3f115d", + "alias": "Account verification options", + "description": "Method with which to verity the existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-email-verification", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "flowAlias": "Verify Existing Account by Re-authentication", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "2c63ad60-76ab-4350-9def-74328bab70d0", + "alias": "Authentication Options", + "description": "Authentication options.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "basic-auth", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "basic-auth-otp", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "auth-spnego", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 30, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "82b9b584-2243-4893-b58c-4567f34434a6", + "alias": "Browser - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": 
false, + "autheticatorFlow": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "e70e7c74-8ab5-411c-b06c-d478a452bee3", + "alias": "Direct Grant - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "direct-grant-validate-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "4f3e6fdd-9b4d-4dc0-946a-1e1ccae7af71", + "alias": "First broker login - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "aa66c794-f21b-4663-9de1-9e27a7e425ab", "alias": "Handle Existing Account", "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId": "basic-flow", 
@@ -1588,29 +2016,77 @@ "authenticationExecutions": [ { "authenticator": "idp-confirm-link", + "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "userSetupAllowed": false, "autheticatorFlow": false }, { - "authenticator": "idp-email-verification", - "requirement": "ALTERNATIVE", + "authenticatorFlow": true, + "requirement": "REQUIRED", "priority": 20, + "flowAlias": "Account verification options", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "2d4499a0-399c-4b6c-970c-7b441498f7b9", + "alias": "Reset - Conditional OTP", + "description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "userSetupAllowed": false, + "autheticatorFlow": false + }, + { + "authenticator": "reset-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "userSetupAllowed": false, + "autheticatorFlow": false + } + ] + }, + { + "id": "710f4172-56a5-466e-bc75-ad7405ff62b5", + "alias": "User creation or linking", + "description": "Flow for the existing/non-existing user alternatives", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "create unique user config", + "authenticator": "idp-create-user-if-unique", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, "userSetupAllowed": false, "autheticatorFlow": false }, { + "authenticatorFlow": true, "requirement": "ALTERNATIVE", - "priority": 30, - "flowAlias": "Verify Existing Account by Re-authentication", + "priority": 20, + "flowAlias": "Handle Existing Account", "userSetupAllowed": false, "autheticatorFlow": true } ] }, { - "id": "fcc8e353-3cac-48f0-9d9f-ef09089987ae", + "id": 
"da7d3a39-7077-4354-9ffc-5b9f79fbaf0d", "alias": "Verify Existing Account by Re-authentication", "description": "Reauthentication of existing account", "providerId": "basic-flow", @@ -1619,22 +2095,24 @@ "authenticationExecutions": [ { "authenticator": "idp-username-password-form", + "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "userSetupAllowed": false, "autheticatorFlow": false }, { - "authenticator": "auth-otp-form", - "requirement": "OPTIONAL", + "authenticatorFlow": true, + "requirement": "CONDITIONAL", "priority": 20, + "flowAlias": "First broker login - Conditional OTP", "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": true } ] }, { - "id": "68f0ba7c-89f8-4c4a-87f3-3b292e47391a", + "id": "6285968e-6200-463a-a329-8c60bc8fe9fc", "alias": "browser", "description": "browser based authentication", "providerId": "basic-flow", @@ -1643,6 +2121,7 @@ "authenticationExecutions": [ { "authenticator": "auth-cookie", + "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, "userSetupAllowed": false, @@ -1650,6 +2129,7 @@ }, { "authenticator": "auth-spnego", + "authenticatorFlow": false, "requirement": "DISABLED", "priority": 20, "userSetupAllowed": false, @@ -1657,12 +2137,14 @@ }, { "authenticator": "identity-provider-redirector", + "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 25, "userSetupAllowed": false, "autheticatorFlow": false }, { + "authenticatorFlow": true, "requirement": "ALTERNATIVE", "priority": 30, "flowAlias": "forms", @@ -1672,7 +2154,7 @@ ] }, { - "id": "07c0064f-27ca-4f2b-9e3c-31bd0967bd8b", + "id": "10393f04-3922-40db-a622-2655dfcae45d", "alias": "clients", "description": "Base authentication for clients", "providerId": "client-flow", @@ -1681,6 +2163,7 @@ "authenticationExecutions": [ { "authenticator": "client-secret", + "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 10, "userSetupAllowed": false, 
@@ -1688,6 +2171,7 @@ }, { "authenticator": "client-jwt", + "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 20, "userSetupAllowed": false, @@ -1695,6 +2179,7 @@ }, { "authenticator": "client-secret-jwt", + "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 30, "userSetupAllowed": false, @@ -1702,6 +2187,7 @@ }, { "authenticator": "client-x509", + "authenticatorFlow": false, "requirement": "ALTERNATIVE", "priority": 40, "userSetupAllowed": false, @@ -1710,7 +2196,7 @@ ] }, { - "id": "d1fa00f4-caad-428b-b3ab-8020c0198cf3", + "id": "4e5e164e-3c7e-4ca5-a10c-d7b817a7d468", "alias": "direct grant", "description": "OpenID Connect Resource Owner Grant", "providerId": "basic-flow", @@ -1719,6 +2205,7 @@ "authenticationExecutions": [ { "authenticator": "direct-grant-validate-username", + "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "userSetupAllowed": false, @@ -1726,22 +2213,24 @@ }, { "authenticator": "direct-grant-validate-password", + "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "userSetupAllowed": false, "autheticatorFlow": false }, { - "authenticator": "direct-grant-validate-otp", - "requirement": "OPTIONAL", + "authenticatorFlow": true, + "requirement": "CONDITIONAL", "priority": 30, + "flowAlias": "Direct Grant - Conditional OTP", "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": true } ] }, { - "id": "d005236a-57d3-4bf3-abbe-8fdc516e9815", + "id": "80f88b0b-70de-4e4c-ae56-0293558301c5", "alias": "docker auth", "description": "Used by Docker clients to authenticate against the IDP", "providerId": "basic-flow", @@ -1750,6 +2239,7 @@ "authenticationExecutions": [ { "authenticator": "docker-http-basic-authenticator", + "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "userSetupAllowed": false, 
@@ -1758,7 +2248,7 @@ ] }, { - "id": "a51b4813-e88e-4825-91c5-69686c3b42d0", + "id": "821af41a-6e77-4e8c-85a6-0280d5268909", "alias": "first broker login", "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId": "basic-flow", @@ -1768,30 +2258,24 @@ { "authenticatorConfig": "review profile config", "authenticator": "idp-review-profile", + "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "userSetupAllowed": false, "autheticatorFlow": false }, { - "authenticatorConfig": "create unique user config", - "authenticator": "idp-create-user-if-unique", - "requirement": "ALTERNATIVE", + "authenticatorFlow": true, + "requirement": "REQUIRED", "priority": 20, - "userSetupAllowed": false, - "autheticatorFlow": false - }, - { - "requirement": "ALTERNATIVE", - "priority": 30, - "flowAlias": "Handle Existing Account", + "flowAlias": "User creation or linking", "userSetupAllowed": false, "autheticatorFlow": true } ] }, { - "id": "36a59bfd-18b6-4f46-a9f4-726f30f73ebf", + "id": "c4058fb0-ad93-4595-96ef-7d4bc5cbef4d", "alias": "forms", "description": "Username, password, otp and other auth forms.", "providerId": "basic-flow", 
@@ -1800,22 +2284,50 @@ "authenticationExecutions": [ { "authenticator": "auth-username-password-form", + "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "userSetupAllowed": false, "autheticatorFlow": false }, { - "authenticator": "auth-otp-form", - "requirement": "OPTIONAL", + "authenticatorFlow": true, + "requirement": "CONDITIONAL", "priority": 20, + "flowAlias": "Browser - Conditional OTP", + "userSetupAllowed": false, + "autheticatorFlow": true + } + ] + }, + { + "id": "a2a1d056-2521-498f-b345-b7db56f9342c", + "alias": "http challenge", + "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "no-cookie-redirect", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, "userSetupAllowed": false, "autheticatorFlow": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "flowAlias": "Authentication Options", + "userSetupAllowed": false, + "autheticatorFlow": true } ] }, { - "id": "5ce6e8c5-f704-47f2-88eb-91831add3e2d", + "id": "13e68e1b-4b44-4f21-a253-5b2dea24404b", "alias": "registration", "description": "registration flow", "providerId": "basic-flow", @@ -1824,6 +2336,7 @@ "authenticationExecutions": [ { "authenticator": "registration-page-form", + "authenticatorFlow": true, "requirement": "REQUIRED", "priority": 10, "flowAlias": "registration form", @@ -1833,7 +2346,7 @@ ] }, { - "id": "3ffd7a56-1886-4ebe-a9b1-21eb84cfbc80", + "id": "e7588789-22d4-459b-96d6-1b480520f487", "alias": "registration form", "description": "registration form", "providerId": "form-flow", @@ -1842,6 +2355,7 @@ "authenticationExecutions": [ { "authenticator": "registration-user-creation", + "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "userSetupAllowed": false, 
@@ -1849,6 +2363,7 @@ }, { "authenticator": "registration-profile-action", + "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 40, "userSetupAllowed": false, @@ -1856,6 +2371,7 @@ }, { "authenticator": "registration-password-action", + "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 50, "userSetupAllowed": false, @@ -1863,6 +2379,7 @@ }, { "authenticator": "registration-recaptcha-action", + "authenticatorFlow": false, "requirement": "DISABLED", "priority": 60, "userSetupAllowed": false, @@ -1871,7 +2388,7 @@ ] }, { - "id": "95e8ee3a-6899-4e2e-a7e0-0313e7d100ba", + "id": "8dc399ef-cf7d-46d5-9688-678c146ea8c4", "alias": "reset credentials", "description": "Reset credentials for a user if they forgot their password or something", "providerId": "basic-flow", @@ -1880,6 +2397,7 @@ "authenticationExecutions": [ { "authenticator": "reset-credentials-choose-user", + "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "userSetupAllowed": false, @@ -1887,6 +2405,7 @@ }, { "authenticator": "reset-credential-email", + "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 20, "userSetupAllowed": false, @@ -1894,22 +2413,24 @@ }, { "authenticator": "reset-password", + "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 30, "userSetupAllowed": false, "autheticatorFlow": false }, { - "authenticator": "reset-otp", - "requirement": "OPTIONAL", + "authenticatorFlow": true, + "requirement": "CONDITIONAL", "priority": 40, + "flowAlias": "Reset - Conditional OTP", "userSetupAllowed": false, - "autheticatorFlow": false + "autheticatorFlow": true } ] }, { - "id": "6a39e7bc-725d-4892-b584-88f9829dda59", + "id": "47ab5a7a-f67a-4a66-bdac-932ee230000d", "alias": "saml ecp", "description": "SAML ECP Profile Authentication Flow", "providerId": "basic-flow", 
@@ -1918,6 +2439,7 @@ "authenticationExecutions": [ { "authenticator": "http-basic-authenticator", + "authenticatorFlow": false, "requirement": "REQUIRED", "priority": 10, "userSetupAllowed": false, @@ -1928,14 +2450,14 @@ ], "authenticatorConfig": [ { - "id": "ce2f1df6-ba9c-446f-8e86-7b592b88b6ab", + "id": "b12be521-4e2b-42f0-a1a2-f1ba47ab4854", "alias": "create unique user config", "config": { "require.password.update.after.registration": "false" } }, { - "id": "5b5b8c41-ef6c-4e22-9881-57c9f5a8e14e", + "id": "58bf2d56-1c45-4acc-9005-23b978d961d7", "alias": "review profile config", "config": { "update.profile.on.first.login": "missing" @@ -1949,7 +2471,7 @@ "providerId": "CONFIGURE_TOTP", "enabled": true, "defaultAction": false, - "priority": 0, + "priority": 10, "config": {} }, { @@ -1958,7 +2480,7 @@ "providerId": "terms_and_conditions", "enabled": false, "defaultAction": false, - "priority": 0, + "priority": 20, "config": {} }, { @@ -1967,7 +2489,7 @@ "providerId": "UPDATE_PASSWORD", "enabled": true, "defaultAction": false, - "priority": 0, + "priority": 30, "config": {} }, { @@ -1976,7 +2498,7 @@ "providerId": "UPDATE_PROFILE", "enabled": true, "defaultAction": false, - "priority": 0, + "priority": 40, "config": {} }, { @@ -1985,7 +2507,25 @@ "providerId": "VERIFY_EMAIL", "enabled": true, "defaultAction": false, - "priority": 0, + "priority": 50, + "config": {} + }, + { + "alias": "delete_account", + "name": "Delete Account", + "providerId": "delete_account", + "enabled": false, + "defaultAction": false, + "priority": 60, + "config": {} + }, + { + "alias": "update_user_locale", + "name": "Update User Locale", + "providerId": "update_user_locale", + "enabled": true, + "defaultAction": false, + "priority": 1000, "config": {} } ], 
@@ -1996,26 +2536,84 @@ "clientAuthenticationFlow": "clients", "dockerAuthenticationFlow": "docker auth", "attributes": { - "_browser_header.xXSSProtection": "1; mode=block", - "_browser_header.xFrameOptions": "SAMEORIGIN", - "_browser_header.strictTransportSecurity": "max-age=31536000; includeSubDomains", - "permanentLockout": "false", - "quickLoginCheckMilliSeconds": "1000", - "_browser_header.xRobotsTag": "none", - "maxFailureWaitSeconds": "900", - "minimumQuickLoginWaitSeconds": "60", - "failureFactor": "30", - "actionTokenGeneratedByUserLifespan": "300", - "maxDeltaTimeSeconds": "43200", - "_browser_header.xContentTypeOptions": "nosniff", - "offlineSessionMaxLifespan": "5184000", - "actionTokenGeneratedByAdminLifespan": "43200", - "_browser_header.contentSecurityPolicyReportOnly": "", - "bruteForceProtected": "false", - "_browser_header.contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "waitIncrementSeconds": "60", - "offlineSessionMaxLifespanEnabled": "false" + "cibaBackchannelTokenDeliveryMode": "poll", + "cibaExpiresIn": "120", + "cibaAuthRequestedUserHint": "login_hint", + "oauth2DeviceCodeLifespan": "600", + "clientOfflineSessionMaxLifespan": "0", + "oauth2DevicePollingInterval": "5", + "clientSessionIdleTimeout": "0", + "clientSessionMaxLifespan": "0", + "parRequestUriLifespan": "60", + "clientOfflineSessionIdleTimeout": "0", + "cibaInterval": "5", + "frontendUrl": "", + "acr.loa.map": "[]" + }, + "keycloakVersion": "18.0.2", + "userManagedAccessAllowed": false, + "clientProfiles": { + "profiles": [] }, - "keycloakVersion": "7.0.1", - "userManagedAccessAllowed": false + "clientPolicies": { + "policies": [] + }, + "users": [ + { + "id": "4c973896-5761-41fc-8217-07c5d13a004b", + "createdTimestamp": 1505479415590, + "username": "admin", + "enabled": true, + "totp": false, + "emailVerified": true, + "firstName": "Admin", + "lastName": "Administrator", + "email": "admin@localhost", + "credentials": [ + { + "id": 
"b860462b-9b02-48ba-9523-d3a8926a917b", + "type": "password", + "createdDate": 1505479429154, + "secretData": "{\"value\":\"4pf9K2jWSCcHC+CwsZP/qidN5pSmDUe6AX6wBerSGdBVKkExay8MWKx+EKmaaObZW6FVsD8vdW/ZsyUFD9gJ1Q==\",\"salt\":\"1/qNkZ5kr77jOMOBPBogGw==\"}", + "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" + } + ], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": ["offline_access", "uma_authorization"], + "clientRoles": { + "account": ["view-profile", "manage-account"] + }, + "notBefore": 0, + "groups": ["/Admins", "/Users"] + }, + { + "id": "c4af4e2f-b432-4c3b-8405-cca86cd5b97b", + "createdTimestamp": 1505479373742, + "username": "user", + "enabled": true, + "totp": false, + "emailVerified": true, + "firstName": "", + "lastName": "User", + "email": "user@localhost", + "credentials": [ + { + "id": "7821832b-1e82-45a2-b8d3-f1a6ad909e64", + "type": "password", + "createdDate": 1505479392766, + "secretData": "{\"value\":\"MbKsMgWPnZyImih8s4SaoCSCq+XIY/c6S9F93sXEidHF1TjPWxCqMkec0+o3860CMLXHt3az61cIJOWI0FW9aw==\",\"salt\":\"fmpBI1r8R1u75hDLMUlwBw==\"}", + "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\"}" + } + ], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": ["offline_access", "uma_authorization"], + "clientRoles": { + "account": ["view-profile", "manage-account"] + }, + "notBefore": 0, + "groups": ["/Users"] + } + ] } From 2cb814fd110cf4ca85d1f2d829e05c2e8688d272 Mon Sep 17 00:00:00 2001 From: Anthony Viard Date: Thu, 13 Apr 2023 15:44:36 +0200 Subject: [PATCH 3/5] [ENG-4752] change Keycloak migration dir the match the new KC folder and expose ports including the address to avoid errors on local startup if the port is already in use --- .../server/templates/src/main/docker/keycloak.yml.ejs | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
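Review bot: The `users` array added at the end of this hunk embeds the `admin` and `user` accounts with fixed `secretData` hashes and salts, so every project generated from this template shares identical credential material, and a JSON realm file gives no place to say so. The caveat therefore belongs in the generator's documentation, e.g. "The realm import seeds `admin` and `user` accounts with shared default passwords; they are intended for local development only and should be changed or removed before any deployment reachable from a network." The same hunk drops the `_browser_header.*` security headers and the brute-force settings (`bruteForceProtected`, `permanentLockout`, `maxFailureWaitSeconds`, `failureFactor`) from `attributes` without re-adding them here; in a Keycloak 18 export these normally live as top-level `browserSecurityHeaders` and brute-force fields outside this hunk, so confirm the re-export kept them rather than silently reverting to defaults. The `keycloakVersion` change from `7.0.1` to `18.0.2` indicates the on-disk format changed, which is presumably why the whole file was regenerated with fresh ids.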
diff --git a/generators/server/templates/src/main/docker/keycloak.yml.ejs b/generators/server/templates/src/main/docker/keycloak.yml.ejs index 4bcb7e35..4c570703 100644 --- a/generators/server/templates/src/main/docker/keycloak.yml.ejs +++ b/generators/server/templates/src/main/docker/keycloak.yml.ejs @@ -28,18 +28,18 @@ services: '-Dkeycloak.profile.feature.upload_scripts=enabled', '-Dkeycloak.migration.action=import', '-Dkeycloak.migration.provider=dir', - '-Dkeycloak.migration.dir=/opt/jboss/keycloak/realm-config', + '-Dkeycloak.migration.dir=/opt/keycloak/data/import', '-Dkeycloak.migration.strategy=IGNORE_EXISTING', # use 'OVERWRITE_EXISTING' instead if you want to reset your current configuration '-Djboss.socket.binding.port-offset=1000', ] volumes: - - ./keycloak/realm-config:/opt/jboss/keycloak/realm-config + - ./keycloak/realm-config:/opt/keycloak/data/import - ./keycloak/keycloak-db:/opt/jboss/keycloak/standalone/data environment: - KEYCLOAK_USER=admin - KEYCLOAK_PASSWORD=admin - DB_VENDOR=h2 ports: - - 9080:9080 - - 9443:9443 - - 10990:10990 + - 127.0.0.1:9080:9080 + - 127.0.0.1:9443:9443 + - 127.0.0.1:10990:10990 From bb12dc6cfe0f2f77e309fbf59ec3dd9eb0aabbc5 Mon Sep 17 00:00:00 2001 From: Anthony Viard Date: Thu, 13 Apr 2023 15:45:05 +0200 Subject: [PATCH 4/5] [ENG-4752] Update Keycloak to the last Entando Version 7.2.0 RC-1 --- generators/generator-constants.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/generators/generator-constants.js b/generators/generator-constants.js index 43e131d5..d3847d2b 100644 --- a/generators/generator-constants.js +++ b/generators/generator-constants.js 
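Review bot: The new `-Dkeycloak.migration.dir=/opt/keycloak/data/import` and the matching volume target use the directory layout of the Quarkus-based Keycloak distribution, while the surrounding `command` (`-Dkeycloak.migration.*`, `-Djboss.socket.binding.port-offset=1000`), the `KEYCLOAK_USER`/`KEYCLOAK_PASSWORD` environment and the `./keycloak/keycloak-db:/opt/jboss/keycloak/standalone/data` volume are the WildFly-era interface. Whether the `entando/entando-keycloak` image still honours those is not visible here, so confirm from the container log that the realm is actually imported and that the H2 data directory is the one mounted; the Quarkus distribution's equivalents are `--import-realm` and `KEYCLOAK_ADMIN`/`KEYCLOAK_ADMIN_PASSWORD`. Binding the published ports to `127.0.0.1` is the right call given the fixed `admin`/`admin` credentials in `environment`; recording the reason next to `ports:` keeps it from being undone later, e.g. `# loopback only: this instance runs with a default admin password and must not be reachable from other hosts`.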
@@ -25,7 +25,7 @@ const SCALA_LIBRARY_VERSION = '2.12.1'; const MBKNOR_JACKSON_JSONSCHEMA_VERSION = '1.0.34'; const SPRING_BOOT_VERSION = '2.7.3'; const ENTANDO_BUNDLE_BOM_VERSION = '7.2.0-ENG-4717-PR-14'; -const ENTANDO_KEYCLOAK_DOCKER_IMAGE = 'entando/entando-keycloak:7.2.0-ENG-4226-PR-32'; +const ENTANDO_KEYCLOAK_DOCKER_IMAGE = 'entando/entando-keycloak:7.2.0-ENGPM-540-rc1'; module.exports = { SQL_DB_OPTIONS, From 5ee61a997c45348faa88fe179fd63aaa36518c0a Mon Sep 17 00:00:00 2001 From: Anthony Viard Date: Thu, 13 Apr 2023 21:34:09 +0200 Subject: [PATCH 5/5] [ENG-4752] Fix tests --- test/server.spec.js | 43 +++++-------------------------------------- 1 file changed, 5 insertions(+), 38 deletions(-) diff --git a/test/server.spec.js b/test/server.spec.js index bdf971e9..f11895ac 100644 --- a/test/server.spec.js +++ b/test/server.spec.js @@ -150,20 +150,20 @@ describe('Subgenerator server of entando JHipster blueprint', () => { assert.fileContent(`${DOCKER_DIR}keycloak.yml`, ENTANDO_KEYCLOAK_DOCKER_IMAGE); assert.fileContent( `${DOCKER_DIR}keycloak.yml`, - 'command: [\n' + + ' command: [\n' + " '-b',\n" + " '0.0.0.0',\n" + " '-Dkeycloak.profile.feature.scripts=enabled',\n" + " '-Dkeycloak.profile.feature.upload_scripts=enabled',\n" + " '-Dkeycloak.migration.action=import',\n" + " '-Dkeycloak.migration.provider=dir',\n" + - " '-Dkeycloak.migration.dir=/opt/jboss/keycloak/realm-config',\n" + + " '-Dkeycloak.migration.dir=/opt/keycloak/data/import',\n" + " '-Dkeycloak.migration.strategy=IGNORE_EXISTING', # use 'OVERWRITE_EXISTING' instead if you want to reset your current configuration\n" + " '-Djboss.socket.binding.port-offset=1000',\n" + ' ]\n' + ' volumes:\n' + - ' - ./keycloak/realm-config:/opt/jboss/keycloak/realm-config\n' + - ' - ./keycloak/keycloak-db:/opt/jboss/keycloak/standalone/data' + ' - ./keycloak/realm-config:/opt/keycloak/data/import\n' + + ' - ./keycloak/keycloak-db:/opt/jboss/keycloak/standalone/data\n' ); }); 
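Review bot: The updated expectation for `keycloak.yml` still ends at the `volumes:` block, so the loopback-only port binding introduced in the template (`- 127.0.0.1:9080:9080` and its two sibling lines) is not asserted, and a regression back to publishing on all interfaces would pass the suite. Rather than growing the multi-line string further, add a second `assert.fileContent` call on the same `${DOCKER_DIR}keycloak.yml` path whose expected substring is `'- 127.0.0.1:9080:9080'`, next to the existing image-name assertion. The enclosing `it` callback begins before the hunk.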
@@ -218,40 +218,7 @@ describe('Subgenerator server of entando JHipster blueprint', () => { ' "nodeReRegistrationTimeout": -1,\n' + ' "defaultClientScopes": ["web-origins", "jhipster", "role_list", "roles", "profile", "email"],\n' + ' "optionalClientScopes": ["address", "phone", "offline_access"]\n' + - ' }\n' + - ' ],\n' + - ' "clientScopes": [\n' + - ' {\n' + - ' "id": "1dc1e050-891a-4f5b-ac9d-5ea0c2e3c05e",\n' + - ' "name": "address",\n' + - ' "description": "OpenID Connect built-in scope: address",\n' + - ' "protocol": "openid-connect",\n' + - ' "attributes": {\n' + - // eslint-disable-next-line no-template-curly-in-string - ' "consent.screen.text": "${addressScopeConsentText}",\n' + - ' "display.on.consent.screen": "true"\n' + - ' },\n' + - ' "protocolMappers": [\n' + - ' {\n' + - ' "id": "b9a92105-8ca5-45d1-8a99-626255ac174f",\n' + - ' "name": "address",\n' + - ' "protocol": "openid-connect",\n' + - ' "protocolMapper": "oidc-address-mapper",\n' + - ' "consentRequired": false,\n' + - ' "config": {\n' + - ' "user.attribute.formatted": "formatted",\n' + - ' "user.attribute.country": "country",\n' + - ' "user.attribute.postal_code": "postal_code",\n' + - ' "userinfo.token.claim": "true",\n' + - ' "user.attribute.street": "street",\n' + - ' "id.token.claim": "true",\n' + - ' "user.attribute.region": "region",\n' + - ' "access.token.claim": "true",\n' + - ' "user.attribute.locality": "locality"\n' + - ' }\n' + - ' }\n' + - ' ]\n' + - ' },' + ' }' ); });
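Review bot: This hunk fixes the test by deleting the `clientScopes` portion of the expected JSON rather than updating it, so the suite no longer checks that the generated realm still defines the `address` scope and its `oidc-address-mapper` protocol mapper. If that scope still exists in the regenerated template, a narrower assertion on the `"name": "address"` and `"protocolMapper": "oidc-address-mapper"` lines would keep the coverage without pinning the volatile `id` values that made the old expectation brittle. The enclosing `it` callback begins before the hunk.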