From 9715320a77aa172f3475c744702823240207fd1c Mon Sep 17 00:00:00 2001
From: Martin Weise <martin.weise@tuwien.ac.at>
Date: Mon, 3 Feb 2025 09:36:19 +0100
Subject: [PATCH] Bumped keycloak config

Signed-off-by: Martin Weise <martin.weise@tuwien.ac.at>
---
 helm/dbrepo/templates/auth-configmap.yaml | 36 ++++++++++++++---------
 1 file changed, 22 insertions(+), 14 deletions(-)

diff --git a/helm/dbrepo/templates/auth-configmap.yaml b/helm/dbrepo/templates/auth-configmap.yaml
index ffd14c4b17..05163f32d2 100644
--- a/helm/dbrepo/templates/auth-configmap.yaml
+++ b/helm/dbrepo/templates/auth-configmap.yaml
@@ -5,7 +5,7 @@ metadata:
   name: auth-service-config
   namespace: {{ include "common.names.namespace" . | quote }}
 data:
-  dbrepo-realm.json: |
+  dbrepo-realm.json: |-
     {
       "id" : "82c39861-d877-4667-a0f3-4daa2ee230e0",
       "realm" : "dbrepo",
@@ -35,7 +35,7 @@ data:
       "oauth2DevicePollingInterval" : 5,
       "enabled" : true,
       "sslRequired" : "none",
-      "registrationAllowed" : false,
+      "registrationAllowed" : true,
       "registrationEmailAsUsername" : false,
       "rememberMe" : false,
       "verifyEmail" : true,
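Review bot: `"registrationAllowed" : true` is hard-coded in the realm import, so every install of this chart opens self-registration on the `dbrepo` realm, and the commit message ("Bumped keycloak config") does not mention it. If the change is intended, drive it from a chart value that defaults to `false`, e.g. `"registrationAllowed" : {{ .Values.<registration-flag> }},` (placeholder key; the template already reads `.Values` elsewhere). The neighbouring `"verifyEmail" : true` also depends on mail delivery, while a later hunk shows `"smtpServer" : { }`, so unless SMTP is configured elsewhere new accounts presumably cannot complete verification. The context line `"sslRequired" : "none"` makes this more pressing, because registration and login forms would then be accepted over plain HTTP.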
@@ -2140,11 +2140,15 @@ data:
           "protocolMapper" : "oidc-usermodel-realm-role-mapper",
           "consentRequired" : false,
           "config" : {
+            "introspection.token.claim" : "true",
+            "userinfo.token.claim" : "false",
+            "multivalued" : "true",
             "user.attribute" : "foo",
+            "id.token.claim" : "true",
+            "lightweight.claim" : "false",
             "access.token.claim" : "true",
             "claim.name" : "realm_access.roles",
-            "jsonType.label" : "String",
-            "multivalued" : "true"
+            "jsonType.label" : "String"
           }
         }, {
           "id" : "a7bd6723-e58e-47f7-95c0-2925ce99283d",
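Review bot: The added `"id.token.claim" : "true"` makes this mapper emit `realm_access.roles` in ID tokens as well as access tokens, so every client that receives this mapper sees the user's full realm role list. If clients only authorise against the access token or introspection, `"id.token.claim" : "false"` would keep the role set out of the ID token. If the value came from a re-export after a Keycloak upgrade, it is worth confirming that it is intended. The mapper object starts above the hunk.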
@@ -2174,8 +2178,12 @@ data:
         "strictTransportSecurity" : "max-age=31536000; includeSubDomains"
       },
       "smtpServer" : { },
+      "loginTheme" : "keycloak",
+      "accountTheme" : "",
+      "adminTheme" : "",
+      "emailTheme" : "",
       "eventsEnabled" : false,
-      "eventsListeners" : [ "jboss-logging" ],
+      "eventsListeners" : [ "create-event-listener", "jboss-logging" ],
       "enabledEventTypes" : [ "SEND_RESET_PASSWORD", "UPDATE_CONSENT_ERROR", "GRANT_CONSENT", "VERIFY_PROFILE_ERROR", "REMOVE_TOTP", "REVOKE_GRANT", "UPDATE_TOTP", "LOGIN_ERROR", "CLIENT_LOGIN", "RESET_PASSWORD_ERROR", "IMPERSONATE_ERROR", "CODE_TO_TOKEN_ERROR", "CUSTOM_REQUIRED_ACTION", "OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR", "RESTART_AUTHENTICATION", "IMPERSONATE", "UPDATE_PROFILE_ERROR", "LOGIN", "OAUTH2_DEVICE_VERIFY_USER_CODE", "UPDATE_PASSWORD_ERROR", "CLIENT_INITIATED_ACCOUNT_LINKING", "TOKEN_EXCHANGE", "AUTHREQID_TO_TOKEN", "LOGOUT", "REGISTER", "DELETE_ACCOUNT_ERROR", "CLIENT_REGISTER", "IDENTITY_PROVIDER_LINK_ACCOUNT", "DELETE_ACCOUNT", "UPDATE_PASSWORD", "CLIENT_DELETE", "FEDERATED_IDENTITY_LINK_ERROR", "IDENTITY_PROVIDER_FIRST_LOGIN", "CLIENT_DELETE_ERROR", "VERIFY_EMAIL", "CLIENT_LOGIN_ERROR", "RESTART_AUTHENTICATION_ERROR", "EXECUTE_ACTIONS", "REMOVE_FEDERATED_IDENTITY_ERROR", "TOKEN_EXCHANGE_ERROR", "PERMISSION_TOKEN", "SEND_IDENTITY_PROVIDER_LINK_ERROR", "EXECUTE_ACTION_TOKEN_ERROR", "SEND_VERIFY_EMAIL", "OAUTH2_DEVICE_AUTH", "EXECUTE_ACTIONS_ERROR", "REMOVE_FEDERATED_IDENTITY", "OAUTH2_DEVICE_CODE_TO_TOKEN", "IDENTITY_PROVIDER_POST_LOGIN", "IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR", "OAUTH2_DEVICE_VERIFY_USER_CODE_ERROR", "UPDATE_EMAIL", "REGISTER_ERROR", "REVOKE_GRANT_ERROR", "EXECUTE_ACTION_TOKEN", "LOGOUT_ERROR", "UPDATE_EMAIL_ERROR", "CLIENT_UPDATE_ERROR", "AUTHREQID_TO_TOKEN_ERROR", "UPDATE_PROFILE", "CLIENT_REGISTER_ERROR", "FEDERATED_IDENTITY_LINK", "SEND_IDENTITY_PROVIDER_LINK", "SEND_VERIFY_EMAIL_ERROR", "RESET_PASSWORD", "CLIENT_INITIATED_ACCOUNT_LINKING_ERROR", "OAUTH2_DEVICE_AUTH_ERROR", "UPDATE_CONSENT", "REMOVE_TOTP_ERROR", "VERIFY_EMAIL_ERROR", "SEND_RESET_PASSWORD_ERROR", "CLIENT_UPDATE", "CUSTOM_REQUIRED_ACTION_ERROR", "IDENTITY_PROVIDER_POST_LOGIN_ERROR", "UPDATE_TOTP_ERROR", "CODE_TO_TOKEN", "VERIFY_PROFILE", "GRANT_CONSENT_ERROR", "IDENTITY_PROVIDER_FIRST_LOGIN_ERROR" ],
       "adminEventsEnabled" : false,
       "adminEventsDetailsEnabled" : false,
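Review bot: `"create-event-listener"` in `eventsListeners` is not, as far as I know, one of Keycloak's built-in listeners, so the realm now depends on a custom provider being present in the auth-service image, and this commit only touches the ConfigMap. The chart documentation should state which image version ships that provider, since an image without it would presumably drop whatever this listener is meant to handle on user events. Separately, `"eventsEnabled" : false` and `"adminEventsEnabled" : false` remain unchanged, so no login or registration events are persisted for audit. That gap matters more now that self-registration is switched on in the earlier hunk.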
@@ -2223,7 +2231,7 @@ data:
           "subType" : "anonymous",
           "subComponents" : { },
           "config" : {
-            "allowed-protocol-mapper-types" : [ "oidc-address-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper", "saml-user-attribute-mapper", "oidc-full-name-mapper", "saml-role-list-mapper" ]
+            "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper", "oidc-full-name-mapper", "oidc-address-mapper", "oidc-usermodel-attribute-mapper" ]
           }
         }, {
           "id" : "1849e52a-b8c9-44a8-af3d-ee19376a1ed1",
@@ -2249,7 +2257,7 @@ data:
           "subType" : "authenticated",
           "subComponents" : { },
           "config" : {
-            "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "oidc-address-mapper", "saml-user-property-mapper", "saml-user-attribute-mapper", "saml-role-list-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper" ]
+            "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper", "oidc-full-name-mapper", "saml-user-property-mapper" ]
           }
         } ],
         "org.keycloak.storage.UserStorageProvider" : [ {
@@ -2265,8 +2273,8 @@ data:
               "config" : {
                 "ldap.attribute" : [ "createTimestamp" ],
                 "is.mandatory.in.ldap" : [ "false" ],
-                "read.only" : [ "true" ],
                 "always.read.value.from.ldap" : [ "true" ],
+                "read.only" : [ "true" ],
                 "user.model.attribute" : [ "createTimestamp" ]
               }
             }, {
@@ -2277,8 +2285,8 @@ data:
               "config" : {
                 "ldap.attribute" : [ "sn" ],
                 "is.mandatory.in.ldap" : [ "true" ],
-                "always.read.value.from.ldap" : [ "true" ],
                 "read.only" : [ "false" ],
+                "always.read.value.from.ldap" : [ "true" ],
                 "user.model.attribute" : [ "lastName" ]
               }
             }, {
@@ -2289,8 +2297,8 @@ data:
               "config" : {
                 "ldap.attribute" : [ "cn" ],
                 "is.mandatory.in.ldap" : [ "true" ],
-                "always.read.value.from.ldap" : [ "true" ],
                 "read.only" : [ "false" ],
+                "always.read.value.from.ldap" : [ "true" ],
                 "user.model.attribute" : [ "firstName" ]
               }
             }, {
@@ -2301,8 +2309,8 @@ data:
               "config" : {
                 "ldap.attribute" : [ "mail" ],
                 "is.mandatory.in.ldap" : [ "false" ],
-                "read.only" : [ "false" ],
                 "always.read.value.from.ldap" : [ "false" ],
+                "read.only" : [ "false" ],
                 "user.model.attribute" : [ "email" ]
               }
             }, {
@@ -2315,7 +2323,7 @@ data:
                 "group.name.ldap.attribute" : [ "cn" ],
                 "preserve.group.inheritance" : [ "false" ],
                 "membership.user.ldap.attribute" : [ "uid" ],
-                "groups.dn" : [ "ou=users,{{ .Values.identityservice.global.ldapDomain }}" ],
+                "groups.dn" : [ "ou=users,dc=dbrepo,dc=at" ],
                 "mode" : [ "LDAP_ONLY" ],
                 "user.roles.retrieve.strategy" : [ "LOAD_GROUPS_BY_MEMBER_ATTRIBUTE" ],
                 "membership.ldap.attribute" : [ "member" ],
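Review bot: The new `groups.dn` line replaces the chart value with a literal `dc=dbrepo,dc=at`, which looks like an accidental result of pasting a fresh realm export over the template. Any deployment that sets a different `identityservice.global.ldapDomain` would then have its group mapper searching a base DN that does not exist in its directory, so LDAP group-to-role mapping would silently return nothing or not match the intended tree. Restore the templated form, `"groups.dn" : [ "ou=users,{{ .Values.identityservice.global.ldapDomain }}" ],`, and check the rest of the re-exported JSON for other values that were templated before. The mapper's `config` object continues outside the hunk.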
@@ -2344,8 +2352,8 @@ data:
               "subComponents" : { },
               "config" : {
                 "ldap.attribute" : [ "uid" ],
-                "is.mandatory.in.ldap" : [ "true" ],
                 "attribute.force.default" : [ "false" ],
+                "is.mandatory.in.ldap" : [ "true" ],
                 "is.binary.attribute" : [ "false" ],
                 "read.only" : [ "false" ],
                 "always.read.value.from.ldap" : [ "false" ],
@@ -3014,7 +3022,7 @@ data:
         "policies" : [ ]
       }
     }
-  master-realm.json: |
+  master-realm.json: |-
     {
       "id" : "afe47bd0-61f8-40c3-95cb-04930407ebdd",
       "realm" : "master",
-- 
GitLab