From 5bad2588a3c7fb8635faadcecbe471eee95b8a20 Mon Sep 17 00:00:00 2001
From: Julian Nodorp
Date: Mon, 13 Mar 2023 10:39:16 +0100
Subject: [PATCH] test: add test infrastructure
---
 README.md | 46 +
 docker-compose.yaml | 29 +
 keycloak-realm.json | 2340 ++++++++++++++++++
 kind.yaml | 3 +
 netbird-dashboard/templates/deployment.yaml | 5 +-
 netbird-dashboard/values.yaml | 13 +-
 netbird-management/management.tmpl.json | 23 +-
 netbird-management/templates/deployment.yaml | 36 +-
 netbird-management/values.yaml | 13 +-
 9 files changed, 2472 insertions(+), 36 deletions(-)
 create mode 100644 docker-compose.yaml
 create mode 100644 keycloak-realm.json
 create mode 100644 kind.yaml
diff --git a/README.md b/README.md
index b04c0e3..33d23a0 100644
--- a/README.md
+++ b/README.md
@@ -5,3 +5,49 @@
 ```
 helm repo add jaconi https://charts.jaconi.io
 ```
+
+## Testing
+
+Create a [kind](https://kind.sigs.k8s.io) cluster:
+
+```
+kind create cluster --config kind.yaml
+```
+
+Start [Keycloak](https://www.keycloak.org):
+
+```
+docker compose up
+```
+
+Install the Helm charts for testing:
+
+```
+for f in */Chart.yaml; do
+ chart=$(dirname $f)
+ helm install --create-namespace --namespace $chart $chart $chart
+done
+```
+
+After changing things, update the Helm charts:
+
+```
+for f in */Chart.yaml; do
+ chart=$(dirname $f)
+ helm upgrade --namespace $chart $chart $chart
+done
+```
+
+## NetBird
+
+Forward the NetBird management server to port `8081`:
+
+```
+kubectl port-forward -n netbird-management service/netbird-management 8081:80
+```
+
+Forward the NetBird dashboard to port `8080`:
+
+```
+kubectl port-forward -n netbird-dashboard service/netbird-dashboard 8080:80
+```
diff --git a/docker-compose.yaml b/docker-compose.yaml
new file mode 100644
index 0000000..f4c41cf
--- /dev/null
+++ b/docker-compose.yaml
@@ -0,0 +1,29 @@
+services:
+ keycloak:
+ image: quay.io/keycloak/keycloak:21.0
+ command:
+ - start
+ - --import-realm
+ environment:
+ - KEYCLOAK_ADMIN=admin
+ - KEYCLOAK_ADMIN_PASSWORD=admin
+ - KC_HOSTNAME_STRICT=false
+ - KC_HOSTNAME_STRICT_HTTPS=false
+ - KC_HTTP_PORT=9000
+ - KC_PROXY=edge
+ ports:
+ - "9000:9000"
+ networks:
+ kind:
+ aliases:
+ - keycloak.localtest.me
+ volumes:
+ - type: bind
+ source: ./keycloak-realm.json
+ target: /opt/keycloak/data/import/realm.json
+ read_only: true
+
+networks:
+ kind:
+ name: kind
+ external: true
diff --git a/keycloak-realm.json b/keycloak-realm.json
new file mode 100644
index 0000000..76cdfd8
--- /dev/null
+++ b/keycloak-realm.json
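Review bot: `KEYCLOAK_ADMIN_PASSWORD=admin` together with the `ports: - "9000:9000"` mapping publishes a Keycloak admin console with a fixed, well-known credential on every interface of the developer's host, so anything on the same network can sign in as the realm administrator. The kind nodes appear to reach Keycloak through the `kind` network alias `keycloak.localtest.me` rather than through the host port, so the host mapping is presumably only for the browser and can be limited to loopback without affecting the cluster: `- "127.0.0.1:9000:9000"`. The password could also be taken from the environment with a fallback, `- KEYCLOAK_ADMIN_PASSWORD=${KEYCLOAK_ADMIN_PASSWORD:-admin}`, so a stronger value can be supplied without editing the committed file. `KC_PROXY=edge` makes Keycloak honour forwarded headers, and with no reverse proxy in front of the published port those headers come straight from the client; that is acceptable for a local fixture but deserves a comment such as `# test-only: plain HTTP, default admin credential, forwarded headers unauthenticated`.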
@@ -0,0 +1,2340 @@ +{ + "id": "5824f018-c4d5-434f-8a42-6f53343f8f0b", + "realm": "helm-charts", + "notBefore": 0, + "defaultSignatureAlgorithm": "RS256", + "revokeRefreshToken": false, + "refreshTokenMaxReuse": 0, + "accessTokenLifespan": 300, + "accessTokenLifespanForImplicitFlow": 900, + "ssoSessionIdleTimeout": 1800, + "ssoSessionMaxLifespan": 36000, + "ssoSessionIdleTimeoutRememberMe": 0, + "ssoSessionMaxLifespanRememberMe": 0, + "offlineSessionIdleTimeout": 2592000, + "offlineSessionMaxLifespanEnabled": false, + "offlineSessionMaxLifespan": 5184000, + "clientSessionIdleTimeout": 0, + "clientSessionMaxLifespan": 0, + "clientOfflineSessionIdleTimeout": 0, + "clientOfflineSessionMaxLifespan": 0, + "accessCodeLifespan": 60, + "accessCodeLifespanUserAction": 300, + "accessCodeLifespanLogin": 1800, + "actionTokenGeneratedByAdminLifespan": 43200, + "actionTokenGeneratedByUserLifespan": 300, + "oauth2DeviceCodeLifespan": 600, + "oauth2DevicePollingInterval": 5, + "enabled": true, + "sslRequired": "external", + "registrationAllowed": false, + "registrationEmailAsUsername": false, + "rememberMe": false, + "verifyEmail": false, + "loginWithEmailAllowed": true, + "duplicateEmailsAllowed": false, + "resetPasswordAllowed": false, + "editUsernameAllowed": false, + "bruteForceProtected": false, + "permanentLockout": false, + "maxFailureWaitSeconds": 900, + "minimumQuickLoginWaitSeconds": 60, + "waitIncrementSeconds": 60, + "quickLoginCheckMilliSeconds": 1000, + "maxDeltaTimeSeconds": 43200, + "failureFactor": 30, + "roles": { + "realm": [ + { + "id": "abe5b433-db1c-4890-ac77-ed863f2c6c35", + "name": "uma_authorization", + "description": "${role_uma_authorization}", + "composite": false, + "clientRole": false, + "containerId": "5824f018-c4d5-434f-8a42-6f53343f8f0b", + "attributes": {} + }, + { + "id": "83e52196-af8a-4044-b757-d669e3c6d9df", + "name": "offline_access", + "description": "${role_offline-access}", + "composite": false, + "clientRole": false, + "containerId": 
"5824f018-c4d5-434f-8a42-6f53343f8f0b", + "attributes": {} + }, + { + "id": "20facb33-4d99-445a-aa50-09fa55b6b897", + "name": "default-roles-helm-charts", + "description": "${role_default-roles}", + "composite": true, + "composites": { + "realm": [ + "offline_access", + "uma_authorization" + ], + "client": { + "account": [ + "manage-account", + "view-profile" + ] + } + }, + "clientRole": false, + "containerId": "5824f018-c4d5-434f-8a42-6f53343f8f0b", + "attributes": {} + } + ], + "client": { + "realm-management": [ + { + "id": "58ac5877-9668-4e74-a528-db665be91234", + "name": "impersonation", + "description": "${role_impersonation}", + "composite": false, + "clientRole": true, + "containerId": "a9d7887b-d942-46ef-8c9e-90c383f8a9e8", + "attributes": {} + }, + { + "id": "719560b1-c3cd-421b-82e5-e990ecf10807", + "name": "manage-events", + "description": "${role_manage-events}", + "composite": false, + "clientRole": true, + "containerId": "a9d7887b-d942-46ef-8c9e-90c383f8a9e8", + "attributes": {} + }, + { + "id": "9e538292-a2b6-4110-84d7-34b05758c392", + "name": "view-events", + "description": "${role_view-events}", + "composite": false, + "clientRole": true, + "containerId": "a9d7887b-d942-46ef-8c9e-90c383f8a9e8", + "attributes": {} + }, + { + "id": "de671d38-f006-4bd7-a0cd-1e1e2b231664", + "name": "manage-authorization", + "description": "${role_manage-authorization}", + "composite": false, + "clientRole": true, + "containerId": "a9d7887b-d942-46ef-8c9e-90c383f8a9e8", + "attributes": {} + }, + { + "id": "c1187416-37f6-4380-9acc-91a696d9492b", + "name": "realm-admin", + "description": "${role_realm-admin}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "impersonation", + "manage-events", + "view-events", + "view-identity-providers", + "manage-authorization", + "query-realms", + "view-authorization", + "create-client", + "view-realm", + "manage-realm", + "manage-clients", + "view-users", + "view-clients", + "query-clients", + 
"manage-users", + "manage-identity-providers", + "query-users", + "query-groups" + ] + } + }, + "clientRole": true, + "containerId": "a9d7887b-d942-46ef-8c9e-90c383f8a9e8", + "attributes": {} + }, + { + "id": "2242c95d-f23b-448c-9b3e-7f5e57c0ce31", + "name": "view-identity-providers", + "description": "${role_view-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "a9d7887b-d942-46ef-8c9e-90c383f8a9e8", + "attributes": {} + }, + { + "id": "ea45ae35-875b-4d42-94f9-fbf82d51eafa", + "name": "query-realms", + "description": "${role_query-realms}", + "composite": false, + "clientRole": true, + "containerId": "a9d7887b-d942-46ef-8c9e-90c383f8a9e8", + "attributes": {} + }, + { + "id": "ad2c3db4-c435-4135-b92d-2f7fc6fe4c2a", + "name": "create-client", + "description": "${role_create-client}", + "composite": false, + "clientRole": true, + "containerId": "a9d7887b-d942-46ef-8c9e-90c383f8a9e8", + "attributes": {} + }, + { + "id": "30ebed47-4e4c-4f62-9e47-243c3b83b22e", + "name": "view-authorization", + "description": "${role_view-authorization}", + "composite": false, + "clientRole": true, + "containerId": "a9d7887b-d942-46ef-8c9e-90c383f8a9e8", + "attributes": {} + }, + { + "id": "54664726-50c0-418e-a244-dab0a6dfcf75", + "name": "view-realm", + "description": "${role_view-realm}", + "composite": false, + "clientRole": true, + "containerId": "a9d7887b-d942-46ef-8c9e-90c383f8a9e8", + "attributes": {} + }, + { + "id": "6a4e74ad-ddf0-4f0c-8271-df37076d6698", + "name": "manage-realm", + "description": "${role_manage-realm}", + "composite": false, + "clientRole": true, + "containerId": "a9d7887b-d942-46ef-8c9e-90c383f8a9e8", + "attributes": {} + }, + { + "id": "0bae52f8-f354-4284-9b87-0b10e834424d", + "name": "manage-clients", + "description": "${role_manage-clients}", + "composite": false, + "clientRole": true, + "containerId": "a9d7887b-d942-46ef-8c9e-90c383f8a9e8", + "attributes": {} + }, + { + "id": "d5c27009-9f6f-438d-a88c-acf5cf5a7b83", + 
"name": "view-users", + "description": "${role_view-users}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-users", + "query-groups" + ] + } + }, + "clientRole": true, + "containerId": "a9d7887b-d942-46ef-8c9e-90c383f8a9e8", + "attributes": {} + }, + { + "id": "54741bbe-7e5b-4d4f-a10f-4acafb683e99", + "name": "view-clients", + "description": "${role_view-clients}", + "composite": true, + "composites": { + "client": { + "realm-management": [ + "query-clients" + ] + } + }, + "clientRole": true, + "containerId": "a9d7887b-d942-46ef-8c9e-90c383f8a9e8", + "attributes": {} + }, + { + "id": "1a4ce08e-38d9-4dc9-b4b0-579e327a142e", + "name": "query-clients", + "description": "${role_query-clients}", + "composite": false, + "clientRole": true, + "containerId": "a9d7887b-d942-46ef-8c9e-90c383f8a9e8", + "attributes": {} + }, + { + "id": "43eec708-8985-4309-96d2-b12a3a311db6", + "name": "manage-users", + "description": "${role_manage-users}", + "composite": false, + "clientRole": true, + "containerId": "a9d7887b-d942-46ef-8c9e-90c383f8a9e8", + "attributes": {} + }, + { + "id": "528c1cfb-e4d1-4765-89db-399fe0f96d80", + "name": "manage-identity-providers", + "description": "${role_manage-identity-providers}", + "composite": false, + "clientRole": true, + "containerId": "a9d7887b-d942-46ef-8c9e-90c383f8a9e8", + "attributes": {} + }, + { + "id": "dd4f302b-f16b-439b-946f-59c62a81fd24", + "name": "query-users", + "description": "${role_query-users}", + "composite": false, + "clientRole": true, + "containerId": "a9d7887b-d942-46ef-8c9e-90c383f8a9e8", + "attributes": {} + }, + { + "id": "09c3e798-1918-4bfd-ae24-8c7e7cd101d7", + "name": "query-groups", + "description": "${role_query-groups}", + "composite": false, + "clientRole": true, + "containerId": "a9d7887b-d942-46ef-8c9e-90c383f8a9e8", + "attributes": {} + } + ], + "security-admin-console": [], + "admin-cli": [], + "account-console": [], + "broker": [ + { + "id": 
"53405c68-0e31-4edf-95f0-6a5881c2c90c", + "name": "read-token", + "description": "${role_read-token}", + "composite": false, + "clientRole": true, + "containerId": "6d3513a4-c59b-4f62-9ac5-5491f1caa78c", + "attributes": {} + } + ], + "netbird-dashboard": [], + "netbird-management": [], + "account": [ + { + "id": "cbae06ad-b5e6-4526-9854-e7ec62bdfac3", + "name": "view-applications", + "description": "${role_view-applications}", + "composite": false, + "clientRole": true, + "containerId": "0c5e19e1-d4d5-4434-97c5-de044a5a095d", + "attributes": {} + }, + { + "id": "1db08a45-8584-4084-9de6-6c2364d31613", + "name": "view-consent", + "description": "${role_view-consent}", + "composite": false, + "clientRole": true, + "containerId": "0c5e19e1-d4d5-4434-97c5-de044a5a095d", + "attributes": {} + }, + { + "id": "61108528-639e-44fa-95a3-80b505c48679", + "name": "manage-account-links", + "description": "${role_manage-account-links}", + "composite": false, + "clientRole": true, + "containerId": "0c5e19e1-d4d5-4434-97c5-de044a5a095d", + "attributes": {} + }, + { + "id": "35030ae4-10a9-46e9-9d83-f6274d2e407b", + "name": "delete-account", + "description": "${role_delete-account}", + "composite": false, + "clientRole": true, + "containerId": "0c5e19e1-d4d5-4434-97c5-de044a5a095d", + "attributes": {} + }, + { + "id": "1b7a836c-76f5-4f0e-8842-b0e1e8e4f514", + "name": "manage-account", + "description": "${role_manage-account}", + "composite": true, + "composites": { + "client": { + "account": [ + "manage-account-links" + ] + } + }, + "clientRole": true, + "containerId": "0c5e19e1-d4d5-4434-97c5-de044a5a095d", + "attributes": {} + }, + { + "id": "1f1b34b4-dfee-4fb8-90f0-23984a2cfb66", + "name": "manage-consent", + "description": "${role_manage-consent}", + "composite": true, + "composites": { + "client": { + "account": [ + "view-consent" + ] + } + }, + "clientRole": true, + "containerId": "0c5e19e1-d4d5-4434-97c5-de044a5a095d", + "attributes": {} + }, + { + "id": 
"28416106-92eb-49dd-ad5f-4728e2bdf91f", + "name": "view-groups", + "description": "${role_view-groups}", + "composite": false, + "clientRole": true, + "containerId": "0c5e19e1-d4d5-4434-97c5-de044a5a095d", + "attributes": {} + }, + { + "id": "760abb96-df99-4d00-95f0-70e1c6748c07", + "name": "view-profile", + "description": "${role_view-profile}", + "composite": false, + "clientRole": true, + "containerId": "0c5e19e1-d4d5-4434-97c5-de044a5a095d", + "attributes": {} + } + ] + } + }, + "groups": [], + "defaultRole": { + "id": "20facb33-4d99-445a-aa50-09fa55b6b897", + "name": "default-roles-helm-charts", + "description": "${role_default-roles}", + "composite": true, + "clientRole": false, + "containerId": "5824f018-c4d5-434f-8a42-6f53343f8f0b" + }, + "requiredCredentials": [ + "password" + ], + "otpPolicyType": "totp", + "otpPolicyAlgorithm": "HmacSHA1", + "otpPolicyInitialCounter": 0, + "otpPolicyDigits": 6, + "otpPolicyLookAheadWindow": 1, + "otpPolicyPeriod": 30, + "otpPolicyCodeReusable": false, + "otpSupportedApplications": [ + "totpAppMicrosoftAuthenticatorName", + "totpAppFreeOTPName", + "totpAppGoogleName" + ], + "webAuthnPolicyRpEntityName": "keycloak", + "webAuthnPolicySignatureAlgorithms": [ + "ES256" + ], + "webAuthnPolicyRpId": "", + "webAuthnPolicyAttestationConveyancePreference": "not specified", + "webAuthnPolicyAuthenticatorAttachment": "not specified", + "webAuthnPolicyRequireResidentKey": "not specified", + "webAuthnPolicyUserVerificationRequirement": "not specified", + "webAuthnPolicyCreateTimeout": 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyAcceptableAaguids": [], + "webAuthnPolicyPasswordlessRpEntityName": "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms": [ + "ES256" + ], + "webAuthnPolicyPasswordlessRpId": "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", + 
"webAuthnPolicyPasswordlessRequireResidentKey": "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", + "webAuthnPolicyPasswordlessCreateTimeout": 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, + "webAuthnPolicyPasswordlessAcceptableAaguids": [], + "scopeMappings": [ + { + "clientScope": "offline_access", + "roles": [ + "offline_access" + ] + } + ], + "clientScopeMappings": { + "account": [ + { + "client": "account-console", + "roles": [ + "manage-account", + "view-groups" + ] + } + ] + }, + "clients": [ + { + "id": "0c5e19e1-d4d5-4434-97c5-de044a5a095d", + "clientId": "account", + "name": "${client_account}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/helm-charts/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/realms/helm-charts/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "d9c2c237-3b14-49f9-b161-11f059d3658a", + "clientId": "account-console", + "name": "${client_account-console}", + "rootUrl": "${authBaseUrl}", + "baseUrl": "/realms/helm-charts/account/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + 
"/realms/helm-charts/account/*" + ], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+", + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "c400696f-a8e2-44e7-98b7-ca3f78512482", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "e11c6aea-84ec-4abb-a111-8700227199f2", + "clientId": "admin-cli", + "name": "${client_admin-cli}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": true, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "6d3513a4-c59b-4f62-9ac5-5491f1caa78c", + "clientId": "broker", + "name": "${client_broker}", + 
"surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "6931c2a3-8731-4ad4-bc3c-17525d12e2eb", + "clientId": "netbird-dashboard", + "name": "NetBird Dashboard", + "description": "", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "http://localtest.me:8080/*" + ], + "webOrigins": [ + "+" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": true, + "protocol": "openid-connect", + "attributes": { + "oidc.ciba.grant.enabled": "false", + "oauth2.device.authorization.grant.enabled": "false", + "display.on.consent.screen": "false", + "backchannel.logout.session.required": "true", + "backchannel.logout.revoke.offline.tokens": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", 
+ "offline_access", + "api", + "microprofile-jwt" + ] + }, + { + "id": "6931c2a3-8731-4ad4-bc3c-17525d12e2ec", + "clientId": "netbird-management", + "name": "NetBird Management", + "description": "", + "rootUrl": "", + "adminUrl": "", + "baseUrl": "", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "http://localtest.me:8080/*" + ], + "webOrigins": [ + "+" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": true, + "protocol": "openid-connect", + "attributes": { + "oidc.ciba.grant.enabled": "false", + "oauth2.device.authorization.grant.enabled": "true", + "display.on.consent.screen": "false", + "backchannel.logout.session.required": "true", + "backchannel.logout.revoke.offline.tokens": "false" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "api", + "microprofile-jwt" + ] + }, + { + "id": "a9d7887b-d942-46ef-8c9e-90c383f8a9e8", + "clientId": "realm-management", + "name": "${client_realm-management}", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": true, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": {}, + "authenticationFlowBindingOverrides": {}, + 
"fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + }, + { + "id": "bd28bb0f-4398-4720-a113-d1672d81fdd0", + "clientId": "security-admin-console", + "name": "${client_security-admin-console}", + "rootUrl": "${authAdminUrl}", + "baseUrl": "/admin/helm-charts/console/", + "surrogateAuthRequired": false, + "enabled": true, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "redirectUris": [ + "/admin/helm-charts/console/*" + ], + "webOrigins": [ + "+" + ], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "frontchannelLogout": false, + "protocol": "openid-connect", + "attributes": { + "post.logout.redirect.uris": "+", + "pkce.code.challenge.method": "S256" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": false, + "nodeReRegistrationTimeout": 0, + "protocolMappers": [ + { + "id": "7b995fd4-129b-4fd1-b0d8-34457a10f0c4", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + } + ], + "defaultClientScopes": [ + "web-origins", + "acr", + "roles", + "profile", + "email" + ], + "optionalClientScopes": [ + "address", + "phone", + "offline_access", + "microprofile-jwt" + ] + } + ], + "clientScopes": [ + { + "id": "f5fad00f-a297-4866-b84a-2cfd853027cd", + "name": "role_list", + "description": "SAML role list", + "protocol": "saml", + "attributes": { + "consent.screen.text": 
"${samlRoleListScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "id": "d5f5509a-f0c2-4d5e-a34d-b1f3c6a127c6", + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + } + ] + }, + { + "id": "a3ccf00c-c9c7-493e-bcdb-74612c8a5637", + "name": "phone", + "description": "OpenID Connect built-in scope: phone", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${phoneScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "766485ba-ed87-4245-ad8b-7d95148fe622", + "name": "phone number", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "phoneNumber", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number", + "jsonType.label": "String" + } + }, + { + "id": "0c346b72-380b-4ca2-9670-af88a7181cb7", + "name": "phone number verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "phoneNumberVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number_verified", + "jsonType.label": "boolean" + } + } + ] + }, + { + "id": "83e4c802-5d25-45a0-b7ae-3f332e3ac04e", + "name": "web-origins", + "description": "OpenID Connect scope for add allowed web origins to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false", + "consent.screen.text": "" + }, + "protocolMappers": [ + { + "id": "ee1133ae-4ce1-4812-9509-94b924240f5d", + "name": "allowed web origins", 
+ "protocol": "openid-connect", + "protocolMapper": "oidc-allowed-origins-mapper", + "consentRequired": false, + "config": {} + } + ] + }, + { + "id": "c97b88a6-de5a-49df-96b7-3ed3ccad7217", + "name": "api", + "description": "NetBird API", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "gui.order": "", + "consent.screen.text": "" + } + }, + { + "id": "0b142894-eb76-40a0-98a9-0be5acb16051", + "name": "offline_access", + "description": "OpenID Connect built-in scope: offline_access", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${offlineAccessScopeConsentText}", + "display.on.consent.screen": "true" + } + }, + { + "id": "09b78c67-d1d0-4734-9c8f-a4227e156404", + "name": "email", + "description": "OpenID Connect built-in scope: email", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${emailScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "8be9ded2-3b25-4694-9d29-accf1a1756fd", + "name": "email verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "emailVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email_verified", + "jsonType.label": "boolean" + } + }, + { + "id": "0daf4806-7f02-440e-b2d3-e6328f3db560", + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "ae01fe81-3859-436b-9892-05573a9ff824", + "name": "address", + "description": "OpenID Connect built-in scope: address", + 
"protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${addressScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "81381a3f-b2ef-4ec7-bbc4-6e3164d244b6", + "name": "address", + "protocol": "openid-connect", + "protocolMapper": "oidc-address-mapper", + "consentRequired": false, + "config": { + "user.attribute.formatted": "formatted", + "user.attribute.country": "country", + "user.attribute.postal_code": "postal_code", + "userinfo.token.claim": "true", + "user.attribute.street": "street", + "id.token.claim": "true", + "user.attribute.region": "region", + "access.token.claim": "true", + "user.attribute.locality": "locality" + } + } + ] + }, + { + "id": "5bb9886b-201d-4f01-a885-b099a1361709", + "name": "roles", + "description": "OpenID Connect scope for add user roles to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "true", + "consent.screen.text": "${rolesScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "68dfef7d-70c3-4f6a-a7bb-8fccccfeed68", + "name": "realm roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "realm_access.roles", + "jsonType.label": "String", + "multivalued": "true" + } + }, + { + "id": "0b84c92a-1de2-467c-abfd-be28dfc9f26d", + "name": "client roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "resource_access.${client_id}.roles", + "jsonType.label": "String", + "multivalued": "true" + } + }, + { + "id": "c4809b58-1d39-45f1-b60a-e971dbdbe909", + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": 
"oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + } + ] + }, + { + "id": "7ec1428f-6940-4408-ab0a-cb3bcabede08", + "name": "microprofile-jwt", + "description": "Microprofile - JWT built-in scope", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "5f319a68-fdb0-4c04-abee-0cac9c13b8b7", + "name": "groups", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "multivalued": "true", + "user.attribute": "foo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "groups", + "jsonType.label": "String" + } + }, + { + "id": "baf31940-4bab-4dd9-bae8-66fabd4d7f16", + "name": "upn", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "upn", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "b2b9e510-f400-497f-b1ec-22e383e8d4d0", + "name": "profile", + "description": "OpenID Connect built-in scope: profile", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${profileScopeConsentText}" + }, + "protocolMappers": [ + { + "id": "91415cac-c650-4697-8889-f98c04a2dd5a", + "name": "picture", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "picture", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "picture", + "jsonType.label": "String" + } + }, + { + "id": "4c796701-569d-4e69-adc2-c1ef780f0f8a", + "name": "gender", + "protocol": "openid-connect", + 
"protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "gender", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "gender", + "jsonType.label": "String" + } + }, + { + "id": "b05fb7e3-143f-49e2-b7a7-32f1e82243f3", + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "id": "faed8b8d-d63a-407b-b21a-53035ed69e03", + "name": "profile", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "profile", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "profile", + "jsonType.label": "String" + } + }, + { + "id": "fc950f5a-d390-4c33-a4b6-c1f7b775a2d0", + "name": "updated at", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "updatedAt", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "updated_at", + "jsonType.label": "long" + } + }, + { + "id": "8bf4e6a8-9365-4c57-9fdf-bef1abc42f51", + "name": "birthdate", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "birthdate", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "birthdate", + "jsonType.label": "String" + } + }, + { + "id": "28c9d47c-38d4-4634-8728-51a286935c55", + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": 
"true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "id": "c7cb655f-5279-4d12-8975-e2023ed6061e", + "name": "website", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "website", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "website", + "jsonType.label": "String" + } + }, + { + "id": "19edb8ea-c7ac-4dd0-9c93-0c57bfd96403", + "name": "zoneinfo", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "zoneinfo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "zoneinfo", + "jsonType.label": "String" + } + }, + { + "id": "78cae607-c978-48a1-bd62-a994d9cbc719", + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "id": "0a30352f-09fa-463b-acea-41e79e75bba3", + "name": "nickname", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "nickname", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "nickname", + "jsonType.label": "String" + } + }, + { + "id": "ad06e918-970f-45b7-8402-c6c594882674", + "name": "middle name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + 
"user.attribute": "middleName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "middle_name", + "jsonType.label": "String" + } + }, + { + "id": "72b0aac3-c704-442f-8777-38297cce1d62", + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "id": "0a3c9484-0b66-47a4-b46b-53cf7fe9a428", + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + } + ] + }, + { + "id": "a73027d5-e8fc-400f-8de2-f0847d268664", + "name": "acr", + "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "id": "ed6b8d92-8080-4e1a-a0df-6629d1355538", + "name": "acr loa level", + "protocol": "openid-connect", + "protocolMapper": "oidc-acr-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true" + } + } + ] + } + ], + "defaultDefaultClientScopes": [ + "role_list", + "profile", + "email", + "roles", + "web-origins", + "acr" + ], + "defaultOptionalClientScopes": [ + "offline_access", + "address", + "phone", + "microprofile-jwt", + "api" + ], + "browserSecurityHeaders": { + "contentSecurityPolicyReportOnly": "", + "xContentTypeOptions": "nosniff", + "xRobotsTag": "none", + "xFrameOptions": "SAMEORIGIN", + "contentSecurityPolicy": "frame-src 'self'; 
frame-ancestors 'self'; object-src 'none';", + "xXSSProtection": "1; mode=block", + "strictTransportSecurity": "max-age=31536000; includeSubDomains" + }, + "smtpServer": {}, + "eventsEnabled": false, + "eventsListeners": [ + "jboss-logging" + ], + "enabledEventTypes": [], + "adminEventsEnabled": false, + "adminEventsDetailsEnabled": false, + "identityProviders": [], + "identityProviderMappers": [], + "components": { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ + { + "id": "a46ab6cf-48e4-4b1c-82c2-5a8f8947b865", + "name": "Full Scope Disabled", + "providerId": "scope", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "f09bcf1a-93f1-4278-834a-71bced198468", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "oidc-sha256-pairwise-sub-mapper", + "saml-user-attribute-mapper", + "oidc-usermodel-attribute-mapper", + "oidc-usermodel-property-mapper", + "oidc-address-mapper", + "saml-role-list-mapper", + "saml-user-property-mapper", + "oidc-full-name-mapper" + ] + } + }, + { + "id": "20954d16-4986-4348-85fc-ff8fd85ab640", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "9b4994f6-1221-476f-b3cf-6a378eb6d9a4", + "name": "Allowed Protocol Mapper Types", + "providerId": "allowed-protocol-mappers", + "subType": "anonymous", + "subComponents": {}, + "config": { + "allowed-protocol-mapper-types": [ + "saml-user-property-mapper", + "oidc-usermodel-property-mapper", + "saml-role-list-mapper", + "oidc-address-mapper", + "oidc-usermodel-attribute-mapper", + "saml-user-attribute-mapper", + "oidc-full-name-mapper", + "oidc-sha256-pairwise-sub-mapper" + ] + } + }, + { + "id": "1718285b-440a-4bc4-bd7c-6a26042eda08", + "name": 
"Consent Required", + "providerId": "consent-required", + "subType": "anonymous", + "subComponents": {}, + "config": {} + }, + { + "id": "e097d45a-6ddc-4521-93d1-15c02e0171f1", + "name": "Allowed Client Scopes", + "providerId": "allowed-client-templates", + "subType": "authenticated", + "subComponents": {}, + "config": { + "allow-default-scopes": [ + "true" + ] + } + }, + { + "id": "8c24b4e9-7770-440b-a055-42b25c57cb4f", + "name": "Max Clients Limit", + "providerId": "max-clients", + "subType": "anonymous", + "subComponents": {}, + "config": { + "max-clients": [ + "200" + ] + } + }, + { + "id": "85d3d35a-9378-42b0-aad3-a1606dd37599", + "name": "Trusted Hosts", + "providerId": "trusted-hosts", + "subType": "anonymous", + "subComponents": {}, + "config": { + "host-sending-registration-request-must-match": [ + "true" + ], + "client-uris-must-match": [ + "true" + ] + } + } + ], + "org.keycloak.keys.KeyProvider": [ + { + "id": "f849431a-3340-4797-afca-67a65e196c71", + "name": "hmac-generated", + "providerId": "hmac-generated", + "subComponents": {}, + "config": { + "kid": [ + "3136aee1-d663-4720-b0e5-e8418eefdcf2" + ], + "secret": [ + "9yszVAZi25tyOtLL8yKHqvxZg2vQqJgBZixKnlF5PbPE3q7AY0IcETi4DyINwCXvHYCEDW20wVEa1UE7S9TpuA" + ], + "priority": [ + "100" + ], + "algorithm": [ + "HS256" + ] + } + }, + { + "id": "5939534d-89e8-43f6-9e3e-ab390bc40f8e", + "name": "rsa-generated", + "providerId": "rsa-generated", + "subComponents": {}, + "config": { + "privateKey": [ + "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" + ], + "keyUse": [ + "SIG" + ], + "certificate": [ + "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" + ], + "priority": [ + "100" + ] + } + }, + { + "id": "5b890afe-ed76-4e36-9665-c28d59d4a7c6", + "name": "aes-generated", + "providerId": "aes-generated", + "subComponents": {}, + "config": { + "kid": [ + "596c07b1-c119-4bf1-914e-c331dad304a7" + ], + "secret": [ + "wY_O16YNZy6IBGx1mJ_EhQ" + ], + "priority": [ + "100" + ] + } + }, + { + "id": 
"6d67c80f-3dc1-44f9-842f-b6179015f0a3", + "name": "rsa-enc-generated", + "providerId": "rsa-enc-generated", + "subComponents": {}, + "config": { + "privateKey": [ + "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" + ], + "keyUse": [ + "ENC" + ], + "certificate": [ + "MIICpTCCAY0CBgGGzE5axDANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDDAtoZWxtLWNoYXJ0czAeFw0yMzAzMTAxNjEzNTJaFw0zMzAzMTAxNjE1MzJaMBYxFDASBgNVBAMMC2hlbG0tY2hhcnRzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhlH4wbJgLQkg711YH7XkILH2qQsZK/r1lqj2QChQpcK83SqnCWUyugTISNtUZXlM+3/XBEgyd/vYb0XfNMQhXuxPrakV0DRA/tYzvgwUC2PONx22Lw8eI5OPJasW9YzCXkgEqM0hxQHKQvvQHR6CxELollc9cDvTtnX9Dxhiq53r3SZVAKSdCwFzt5rX6WqzeJyiabXcdo+ZIsDOXaSEcS5RAV6iZ0DNYl2i20foTFQ/G9Ekc9qypYHy857LYleWUnAggCnMH+QLdQrDg5RKf0WGpEszLsGwJ8XaqbaomFwn9G4upgVLdmwLWNjeeXp5/Ee3Qpu1uYJ7M6m0J6o15QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQA5kAJjg4AnoQc4w0zS9PuIyxDr5CsvZYH8zEwi8Hom3zXFqVu8+btNlTWuljIuwkoZhe7SUQVV4+dOi0vQMs1mVsMTsWCkmuI24f1LXtdJATH8ibS1O+JqSr1dSmbD79d9ka8UtIboxN6+6w2ZUpI/IUSEHSivelJ7nCH4LhAKWvPBSvD7NtlyCK8Cx5W5cT1m5ZOPB2bmHBlwAYlBjq6KG2LTZ2LWEgSeHLiLctQZlOU0R+FCse+m9AtuFlA2y+VGpY3t6YlnPgM57/mh/O+CxZSo0Edkc7asgxmvRD+XdDImlnz7EHLMBKBQIcnwz8sWe8jHkNHwmCosh0OaZpyn" + ], + "priority": [ + "100" + ], + "algorithm": [ + "RSA-OAEP" + ] + } + } + ] + }, + "internationalizationEnabled": false, + "supportedLocales": [], + "authenticationFlows": [ + { + "id": "3db49ff2-d135-4b6f-a39d-df789e995828", + "alias": "Account verification options", + "description": "Method with which to verity the existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-email-verification", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Verify Existing Account by Re-authentication", + 
"userSetupAllowed": false + } + ] + }, + { + "id": "959f94f2-8d2e-49c0-b862-d2f0b2a984bf", + "alias": "Authentication Options", + "description": "Authentication options.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "basic-auth", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "basic-auth-otp", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-spnego", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "fdca3bc8-f8d2-4386-b9f9-68b9c24f16f8", + "alias": "Browser - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "44fa36ef-8432-4c4b-afc2-8c744243d7a7", + "alias": "Direct Grant - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": 
"direct-grant-validate-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "9944b352-f307-48dd-8119-a800f20fec69", + "alias": "First broker login - Conditional OTP", + "description": "Flow to determine if the OTP is required for the authentication", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-otp-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "266b93c0-b600-4f49-8427-ba40d277d8ce", + "alias": "Handle Existing Account", + "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-confirm-link", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Account verification options", + "userSetupAllowed": false + } + ] + }, + { + "id": "139eb38c-4c1e-4485-aa0d-b242c986f93f", + "alias": "Reset - Conditional OTP", + "description": "Flow to determine if the OTP should be reset or not. 
Set to REQUIRED to force.", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "conditional-user-configured", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-otp", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "376e2b9a-20f7-4a60-b40c-2bec41b6389b", + "alias": "User creation or linking", + "description": "Flow for the existing/non-existing user alternatives", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "create unique user config", + "authenticator": "idp-create-user-if-unique", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Handle Existing Account", + "userSetupAllowed": false + } + ] + }, + { + "id": "d0545ab1-0471-4c99-ac53-f164bf99c0c6", + "alias": "Verify Existing Account by Re-authentication", + "description": "Reauthentication of existing account", + "providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "idp-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "First broker login - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "8e55186f-62f5-43d2-9383-ce098ad7687a", + "alias": "browser", + "description": "browser based 
authentication", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-cookie", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "auth-spnego", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "identity-provider-redirector", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 25, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "forms", + "userSetupAllowed": false + } + ] + }, + { + "id": "5210d656-4b3c-4c4b-8c1c-ff6728b332f5", + "alias": "clients", + "description": "Base authentication for clients", + "providerId": "client-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "client-secret", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-secret-jwt", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "client-x509", + "authenticatorFlow": false, + "requirement": "ALTERNATIVE", + "priority": 40, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "67effc6d-b648-4cea-9b43-c649d49100b5", + "alias": "direct grant", + "description": "OpenID Connect Resource Owner Grant", + "providerId": "basic-flow", + "topLevel": true, + 
"builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "direct-grant-validate-username", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "direct-grant-validate-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 30, + "autheticatorFlow": true, + "flowAlias": "Direct Grant - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "87dd2f3e-0da1-440c-8530-f2041e740d67", + "alias": "docker auth", + "description": "Used by Docker clients to authenticate against the IDP", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "docker-http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "02300d7a-9cc2-4f29-8e22-152fe1511f37", + "alias": "first broker login", + "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticatorConfig": "review profile config", + "authenticator": "idp-review-profile", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "User creation or linking", + "userSetupAllowed": false + } + ] + }, + { + "id": "c1a2711e-995b-43bf-ac37-802aa3c2b994", + "alias": "forms", + "description": "Username, password, otp and other auth forms.", + 
"providerId": "basic-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "auth-username-password-form", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Browser - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "35dd2121-6f90-4d97-b6d3-e715e32cf125", + "alias": "http challenge", + "description": "An authentication flow based on challenge-response HTTP Authentication Schemes", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "no-cookie-redirect", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": true, + "flowAlias": "Authentication Options", + "userSetupAllowed": false + } + ] + }, + { + "id": "98bd53b2-b8ce-4452-8f7e-221e46502889", + "alias": "registration", + "description": "registration flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-page-form", + "authenticatorFlow": true, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": true, + "flowAlias": "registration form", + "userSetupAllowed": false + } + ] + }, + { + "id": "96844d62-6870-4bfb-aa1f-3d4f5ccc0a2c", + "alias": "registration form", + "description": "registration form", + "providerId": "form-flow", + "topLevel": false, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "registration-user-creation", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": 
false + }, + { + "authenticator": "registration-profile-action", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 40, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-password-action", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 50, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "registration-recaptcha-action", + "authenticatorFlow": false, + "requirement": "DISABLED", + "priority": 60, + "autheticatorFlow": false, + "userSetupAllowed": false + } + ] + }, + { + "id": "7c2802f4-09d5-4dd9-85a9-54e97583e1c0", + "alias": "reset credentials", + "description": "Reset credentials for a user if they forgot their password or something", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "reset-credentials-choose-user", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-credential-email", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 20, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticator": "reset-password", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 30, + "autheticatorFlow": false, + "userSetupAllowed": false + }, + { + "authenticatorFlow": true, + "requirement": "CONDITIONAL", + "priority": 40, + "autheticatorFlow": true, + "flowAlias": "Reset - Conditional OTP", + "userSetupAllowed": false + } + ] + }, + { + "id": "53dea37b-fdd6-4b7b-a87e-c564e5151bcc", + "alias": "saml ecp", + "description": "SAML ECP Profile Authentication Flow", + "providerId": "basic-flow", + "topLevel": true, + "builtIn": true, + "authenticationExecutions": [ + { + "authenticator": "http-basic-authenticator", + "authenticatorFlow": false, + "requirement": "REQUIRED", + "priority": 10, + 
"autheticatorFlow": false, + "userSetupAllowed": false + } + ] + } + ], + "authenticatorConfig": [ + { + "id": "44b0632e-0f68-4aac-8b8a-556a64966710", + "alias": "create unique user config", + "config": { + "require.password.update.after.registration": "false" + } + }, + { + "id": "6e12cea5-f183-425d-b5f7-9aaf3d8a89be", + "alias": "review profile config", + "config": { + "update.profile.on.first.login": "missing" + } + } + ], + "requiredActions": [ + { + "alias": "CONFIGURE_TOTP", + "name": "Configure OTP", + "providerId": "CONFIGURE_TOTP", + "enabled": true, + "defaultAction": false, + "priority": 10, + "config": {} + }, + { + "alias": "TERMS_AND_CONDITIONS", + "name": "Terms and Conditions", + "providerId": "TERMS_AND_CONDITIONS", + "enabled": false, + "defaultAction": false, + "priority": 20, + "config": {} + }, + { + "alias": "UPDATE_PASSWORD", + "name": "Update Password", + "providerId": "UPDATE_PASSWORD", + "enabled": true, + "defaultAction": false, + "priority": 30, + "config": {} + }, + { + "alias": "UPDATE_PROFILE", + "name": "Update Profile", + "providerId": "UPDATE_PROFILE", + "enabled": true, + "defaultAction": false, + "priority": 40, + "config": {} + }, + { + "alias": "VERIFY_EMAIL", + "name": "Verify Email", + "providerId": "VERIFY_EMAIL", + "enabled": true, + "defaultAction": false, + "priority": 50, + "config": {} + }, + { + "alias": "delete_account", + "name": "Delete Account", + "providerId": "delete_account", + "enabled": false, + "defaultAction": false, + "priority": 60, + "config": {} + }, + { + "alias": "webauthn-register", + "name": "Webauthn Register", + "providerId": "webauthn-register", + "enabled": true, + "defaultAction": false, + "priority": 70, + "config": {} + }, + { + "alias": "webauthn-register-passwordless", + "name": "Webauthn Register Passwordless", + "providerId": "webauthn-register-passwordless", + "enabled": true, + "defaultAction": false, + "priority": 80, + "config": {} + }, + { + "alias": "update_user_locale", + "name": 
"Update User Locale", + "providerId": "update_user_locale", + "enabled": true, + "defaultAction": false, + "priority": 1000, + "config": {} + } + ], + "browserFlow": "browser", + "registrationFlow": "registration", + "directGrantFlow": "direct grant", + "resetCredentialsFlow": "reset credentials", + "clientAuthenticationFlow": "clients", + "dockerAuthenticationFlow": "docker auth", + "attributes": { + "cibaBackchannelTokenDeliveryMode": "poll", + "cibaExpiresIn": "120", + "cibaAuthRequestedUserHint": "login_hint", + "oauth2DeviceCodeLifespan": "600", + "oauth2DevicePollingInterval": "5", + "parRequestUriLifespan": "60", + "cibaInterval": "5", + "realmReusableOtpCode": "false" + }, + "keycloakVersion": "21.0.1", + "userManagedAccessAllowed": false, + "clientProfiles": { + "profiles": [] + }, + "clientPolicies": { + "policies": [] + }, + "users": [ + { + "id": "8a0589d9-c401-4ba2-946e-9fb980b450b5", + "createdTimestamp": 1678696406357, + "username": "admin", + "enabled": true, + "totp": false, + "emailVerified": true, + "firstName": "", + "lastName": "", + "email": "admin@jaconi.io", + "credentials": [ + { + "id": "e43ec330-251c-44ea-9f7d-991df3badd97", + "type": "password", + "userLabel": "My password", + "createdDate": 1678696435079, + "secretData": "{\"value\":\"EEQrdzvXn4kFOP2Pww0LLHVCP+JYntaAfYgM3wuqrnQ=\",\"salt\":\"fP1afARDdiPHGWxruqiRkA==\",\"additionalParameters\":{}}", + "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" + } + ], + "disableableCredentialTypes": [], + "requiredActions": [], + "realmRoles": [ + "default-roles-helm-charts" + ], + "notBefore": 0, + "groups": [] + } + ] +} \ No newline at end of file diff --git a/kind.yaml b/kind.yaml new file mode 100644 index 0000000..5d7c7af --- /dev/null +++ b/kind.yaml @@ -0,0 +1,3 @@ +kind: Cluster +apiVersion: kind.x-k8s.io/v1alpha4 +name: jaconi-helm-charts 
diff --git a/netbird-dashboard/templates/deployment.yaml b/netbird-dashboard/templates/deployment.yaml index 2e05351..881eef4 100644 --- a/netbird-dashboard/templates/deployment.yaml +++ b/netbird-dashboard/templates/deployment.yaml @@ -39,10 +39,7 @@ spec: - name: AUTH_AUTHORITY value: {{ .Values.auth.authority }} - name: AUTH_CLIENT_ID - valueFrom: - secretKeyRef: - name: {{ .Values.auth.clientIDSecret.name }} - key: {{ .Values.auth.clientIDSecret.key }} + value: {{ .Values.auth.clientID }} - name: AUTH_SUPPORTED_SCOPES value: {{ .Values.auth.supportedScopes }} - name: USE_AUTH0 diff --git a/netbird-dashboard/values.yaml b/netbird-dashboard/values.yaml index 52e7d9d..72040fe 100644 --- a/netbird-dashboard/values.yaml +++ b/netbird-dashboard/values.yaml @@ -2,17 +2,12 @@ auth: ## @param auth.authority Authority to use for authentication. Must expose a .well-known/oidc-configuration endpoint. - authority: https://example.com + authority: http://keycloak.localtest.me:9000/realms/helm-charts ## @param auth.audience Audience of the authentication tokens. - audience: "" + audience: "netbird-dashboard" - clientIDSecret: - ## @param auth.clientIDSecret.name Name of the secret containing the client ID. - name: netbird-dashboard-client-id - - ## @param auth.clientIDSecret.key Key of the secret containing the client ID. - key: clientID + clientID: netbird-dashboard ## @param auth.supportedScopes Supported OpenID scopes # - Auth0: openid profile email offline_access api email_verified @@ -26,7 +21,7 @@ auth: netbird: ## @param netbird.managementApiEndpoint - managementApiEndpoint: https://netbird.ipc.wandelbots.io + managementApiEndpoint: http://localtest.me:8081 ## @section Common configuration ## @descriptionStart diff --git a/netbird-management/management.tmpl.json b/netbird-management/management.tmpl.json index dbcfdca..6308a24 100644 --- a/netbird-management/management.tmpl.json +++ b/netbird-management/management.tmpl.json 
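Review bot: The replacement `value: {{ .Values.auth.clientID }}` is rendered unquoted, so a client ID that happens to be all digits becomes a YAML integer and the API server rejects the env entry, which requires a string; render it as `value: {{ .Values.auth.clientID | quote }}`, matching how `AUTH_AUTHORITY` should be treated too. Moving the OIDC client ID out of a Secret is acceptable for a browser-based public client, because the client ID is an identifier rather than a credential, but that reasoning belongs in a `## @param auth.clientID` comment so nobody later stores a confidential client's secret the same way. Removing `auth.clientIDSecret` is also a breaking change for existing installs that set it, which the commit message does not call out.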
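Review bot: The new defaults for `auth.authority` and, in the hunk below, `netbird.managementApiEndpoint` point at plaintext `http://` test hosts (`keycloak.localtest.me:9000`, `localtest.me:8081`) and ship as the chart's defaults rather than as a test overlay. The `## @param` text says the authority must expose the discovery endpoint, which is where the dashboard learns its issuer and key material, so an installer who forgets to override it fetches that over an unauthenticated channel. Keep the defaults as non-routable placeholders, e.g. `authority: ""` with the comment `## An https:// issuer is required outside local testing.`, and move the kind/Keycloak values into a separate `values-test.yaml` that the test loop passes with `-f`. The `audience: "netbird-dashboard"` default belongs in that overlay as well, since it has to match the realm's client rather than the chart.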
@@ -11,7 +11,7 @@
 "Turns": [
 {
 "Proto": "udp",
- "URI": "turn:${NETBIRD_DOMAIN:-}:3478",
+ "URI": "turn:${NETBIRD_DOMAIN}:3478",
 "Username": "${NETBIRD_TURN_USER:-self}",
 "Password": "${NETBIRD_TURN_PASSWORD:-}"
 }
@@ -22,27 +22,30 @@
 },
 "Signal": {
 "Proto": "http",
- "URI": "${NETBIRD_DOMAIN:-example.com}:10000",
+ "URI": "${NETBIRD_DOMAIN}:10000",
 "Username": "",
 "Password": null
 },
 "Datadir": "",
 "HttpConfig": {
- "Address": "0.0.0.0:${NETBIRD_MGMT_API_PORT:-33073}",
- "AuthAudience": "${NETBIRD_AUTH_AUDIENCE:-}",
+ "Address": "0.0.0.0:80",
+ "AuthAudience": "${NETBIRD_AUTH_AUDIENCE}",
 "AuthUserIDClaim": "${NETBIRD_AUTH_USER_ID_CLAIM:-sub}",
- "CertFile": "${NETBIRD_MGMT_API_CERT_FILE:-/etc/letsencrypt/live/${NETBIRD_DOMAIN:-example.com}/fullchain.pem}",
- "CertKey": "${NETBIRD_MGMT_API_CERT_KEY_FILE:-/etc/letsencrypt/live/${NETBIRD_DOMAIN:-example.com}/privkey.pem}",
- "OIDCConfigEndpoint": "${NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT:-https://example.com/.well-known/openid-configuration}"
+ "CertFile": "${NETBIRD_MGMT_API_CERT_FILE}",
+ "CertKey": "${NETBIRD_MGMT_API_CERT_KEY_FILE}",
+ "OIDCConfigEndpoint": "${NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT}"
 },
 "IdpManagerConfig": {
 "Manager": "none"
 },
 "DeviceAuthorizationFlow": {
- "Provider": "${NETBIRD_AUTH_DEVICE_AUTH_PROVIDER:-none}",
+ "Provider": "${NETBIRD_AUTH_DEVICE_AUTH_PROVIDER}",
 "ProviderConfig": {
- "Audience": "${NETBIRD_AUTH_AUDIENCE:-}",
- "ClientID": "${NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID:-}"
+ "Audience": "${NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE}",
+ "ClientID": "${NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID}",
+ "DeviceAuthEndpoint": "${NETBIRD_AUTH_DEVICE_AUTH_DEVICE_AUTHORIZATION_ENDPOINT}",
+ "Domain": "${NETBIRD_AUTH_DEVICE_AUTH_AUTHORITY}",
+ "TokenEndpoint": "${NETBIRD_AUTH_DEVICE_AUTH_TOKEN_ENDPOINT}"
 }
 }
 }
diff --git a/netbird-management/templates/deployment.yaml b/netbird-management/templates/deployment.yaml
index 0d509f5..ecd67e7 100644
--- a/netbird-management/templates/deployment.yaml
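Review bot: `"Address": "0.0.0.0:80"` in the second hunk hardcodes the listen port while the deployment's `containerPort: {{ .Values.service.port }}` stays configurable, so changing `service.port` silently breaks the Service-to-container path; keeping a substituted value such as `"Address": "0.0.0.0:${NETBIRD_MGMT_API_PORT:-80}"` and feeding that env from the same value ties them together. The `ProviderConfig` keys (`Audience`, `ClientID`, `DeviceAuthEndpoint`, `Domain`, `TokenEndpoint`) now reference env vars that the deployment only sets when `auth.device.provider` is `hosted`, so with the default `none` they are unset; whether that yields empty strings or leaves the `${...}` text literally depends on the substitution step, which is not visible here, and restoring `:-` fallbacks on those five keys makes the rendered config deterministic either way. Removing the fallbacks on `CertFile`/`CertKey`, combined with the empty env values the deployment now sets, means the management API serves plaintext on port 80, which the chart docs should state as requiring TLS termination in front.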
+++ b/netbird-management/templates/deployment.yaml @@ -13,10 +13,11 @@ spec: {{- include "netbird-management.selectorLabels" . | nindent 6 }} template: metadata: - {{- with .Values.podAnnotations }} annotations: - {{- toYaml . | nindent 8 }} - {{- end }} + checksum/config: {{ include (print .Template.BasePath "/cm.yaml") . | sha256sum }} + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} labels: {{- include "netbird-management.selectorLabels" . | nindent 8 }} spec: @@ -42,6 +43,26 @@ spec: value: {{ .Values.domain }} - name: NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT value: "{{ .Values.auth.authority }}/.well-known/openid-configuration" + - name: NETBIRD_MGMT_API_CERT_FILE + value: "" + - name: NETBIRD_MGMT_API_CERT_KEY_FILE + value: "" + - name: NETBIRD_AUTH_AUDIENCE + value: {{ .Values.auth.audience }} + - name: NETBIRD_AUTH_DEVICE_AUTH_PROVIDER + value: {{ .Values.auth.device.provider }} + {{- if eq .Values.auth.device.provider "hosted" }} + - name: NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE + value: "{{ .Values.auth.device.audience }}" + - name: NETBIRD_AUTH_DEVICE_AUTH_AUTHORITY + value: "{{ .Values.auth.device.authority }}" + - name: NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID + value: "{{ .Values.auth.device.clientID }}" + - name: NETBIRD_AUTH_DEVICE_AUTH_DEVICE_AUTHORIZATION_ENDPOINT + value: "{{ .Values.auth.device.deviceAuthorizationEndpoint }}" + - name: NETBIRD_AUTH_DEVICE_AUTH_TOKEN_ENDPOINT + value: "{{ .Values.auth.device.tokenEndpoint }}" + {{- end }} volumeMounts: - mountPath: /etc/netbird name: config 
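Review bot: `value: {{ .Values.auth.audience }}` and `value: {{ .Values.auth.device.provider }}` are unquoted while every other new entry in this hunk wraps the template in quotes; apply `| quote` to both so a numeric or `yes`/`no`-like value cannot change type in the rendered manifest. `NETBIRD_MGMT_API_CERT_FILE` and `NETBIRD_MGMT_API_CERT_KEY_FILE` are hardcoded to `""`, which removes any way to run the management API with its own certificate through this chart; exposing them as values that default to empty, with a comment such as `# Leave empty to serve plaintext behind a TLS-terminating ingress`, keeps the option open and documents the trade-off. The `checksum/config` annotation in the first hunk is a good addition, since the config now carries the auth settings that were previously baked into defaults.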
@@ -53,18 +74,11 @@ spec: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} + args: ["--log-level", "debug"] ports: - name: http containerPort: {{ .Values.service.port }} protocol: TCP - livenessProbe: - httpGet: - path: / - port: http - readinessProbe: - httpGet: - path: / - port: http resources: {{- toYaml .Values.resources | nindent 12 }} volumeMounts: diff --git a/netbird-management/values.yaml b/netbird-management/values.yaml index d72c7b7..d4faf84 100644 --- a/netbird-management/values.yaml +++ b/netbird-management/values.yaml @@ -3,9 +3,18 @@ # Declare variables to be passed into your templates. auth: - authority: https://example.com + audience: account + authority: http://keycloak.localtest.me:9000/realms/helm-charts + device: + provider: none + # provider: hosted + # audience: account + # authority: http://keycloak.localtest.me:9000/realms/helm-charts + # clientID: netbird-management + # deviceAuthorizationEndpoint: http://keycloak.localtest.me:9000/realms/helm-charts/protocol/openid-connect/auth/device + # tokenEndpoint: http://keycloak.localtest.me:9000/realms/helm-charts/protocol/openid-connect/token -domain: example.com +domain: localtest.me replicaCount: 1
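Review bot: `args: ["--log-level", "debug"]` hardcodes debug logging into the chart rather than into the test values; debug output from an auth-handling management server is considerably more verbose and may include request details, so `args: ["--log-level", {{ .Values.logLevel | default "info" | quote }}]` with the test profile overriding it is the safer default. The liveness and readiness probes are deleted without replacement, so the Deployment reports Ready before the process listens and a hung container is never restarted; if `GET /` was the problem, `readinessProbe: {tcpSocket: {port: http}}` (and the same for the liveness probe) keeps rollout gating without depending on a specific path.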