From fadcb5a4ef6c6c263299e6266f582858db45b3ab Mon Sep 17 00:00:00 2001 From: Martin Weise <martin.weise@tuwien.ac.at> Date: Sun, 26 Jan 2025 13:42:50 +0100 Subject: [PATCH] WIP 
Signed-off-by: Martin Weise <martin.weise@tuwien.ac.at> --- .docs/changelog.md | 11 + dbrepo-auth-service/create-event-listener.jar | Bin 9338 -> 0 bytes dbrepo-auth-service/dbrepo-realm.json | 24 +- .../.gitignore | 0 .../pom.xml | 15 + .../src/main/java/at/tuwien/Client.java | 22 +- .../tuwien/CreateEventListenerProvider.java | 16 +- .../CreateEventListenerProviderFactory.java | 0 .../META-INF/jboss-deployment-structure.xml | 0 ...ycloak.events.EventListenerProviderFactory | 0 .../tuwien/EventListenerIntegrationTest.java | 18 + .../test/resources/create-event-listener.jar | Bin 0 -> 10015 bytes .../src/test/resources/dbrepo-realm.json | 2798 +++++++++++++++++ dbrepo-metadata-db/1_setup-schema.sql | 4 +- .../at/tuwien/api/auth/CreateUserDto.java | 31 +- .../at/tuwien/api/user/UserDetailsDto.java | 5 - .../java/at/tuwien/entities/user/User.java | 3 - .../java/at/tuwien/mapper/MetadataMapper.java | 19 +- .../at/tuwien/repository/UserRepository.java | 2 - .../at/tuwien/endpoints/UserEndpoint.java | 49 +- .../endpoints/UserEndpointUnitTest.java | 84 +- .../gateway/KeycloakGatewayUnitTest.java | 69 +- ...nticationPrivilegedIntegrationMvcTest.java | 20 +- .../tuwien/mvc/PrometheusEndpointMvcTest.java | 18 +- .../AuthenticationServiceIntegrationTest.java | 24 +- .../service/UserServicePersistenceTest.java | 30 +- .../tuwien/service/UserServiceUnitTest.java | 7 +- .../java/at/tuwien/utils/KeycloakUtils.java | 52 +- .../at/tuwien/gateway/KeycloakGateway.java | 11 - .../gateway/impl/KeycloakGatewayImpl.java | 33 +- .../tuwien/service/AuthenticationService.java | 14 - .../java/at/tuwien/service/UserService.java | 12 +- .../impl/AuthenticationServiceImpl.java | 17 +- .../tuwien/service/impl/UserServiceImpl.java | 23 +- .../main/java/at/tuwien/test/BaseTest.java | 54 +- docker-compose.yml | 6 +- 36 files changed, 3037 insertions(+), 454 deletions(-) delete mode 100644 dbrepo-auth-service/create-event-listener.jar rename dbrepo-auth-service/{create-event-listener => 
listeners}/.gitignore (100%) rename dbrepo-auth-service/{create-event-listener => listeners}/pom.xml (84%) rename dbrepo-auth-service/{create-event-listener => listeners}/src/main/java/at/tuwien/Client.java (61%) rename dbrepo-auth-service/{create-event-listener => listeners}/src/main/java/at/tuwien/CreateEventListenerProvider.java (85%) rename dbrepo-auth-service/{create-event-listener => listeners}/src/main/java/at/tuwien/CreateEventListenerProviderFactory.java (100%) rename dbrepo-auth-service/{create-event-listener => listeners}/src/main/resources/META-INF/jboss-deployment-structure.xml (100%) rename dbrepo-auth-service/{create-event-listener => listeners}/src/main/resources/META-INF/services/org.keycloak.events.EventListenerProviderFactory (100%) create mode 100644 dbrepo-auth-service/listeners/src/test/java/at/tuwien/EventListenerIntegrationTest.java create mode 100644 dbrepo-auth-service/listeners/src/test/resources/create-event-listener.jar create mode 100644 dbrepo-auth-service/listeners/src/test/resources/dbrepo-realm.json diff --git a/.docs/changelog.md b/.docs/changelog.md index e2bb59c374..7268fd522c 100644 --- a/.docs/changelog.md +++ b/.docs/changelog.md @@ -2,6 +2,17 @@ author: Martin Weise --- +## v1.6.3 (2025-01-27) + +[:simple-gitlab: GitLab Release](https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/tags/v1.6.3) + +### What's Changed + +#### Changes + +* Refactored the UI to support OIDC and added an event listener to the Auth Service that syncs users on creation to the + Metadata DB in [#488](https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/issues/488). + ## v1.6.2 (2025-01-24) [:simple-gitlab: GitLab Release](https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/tags/v1.6.2) 
diff --git a/dbrepo-auth-service/create-event-listener.jar b/dbrepo-auth-service/create-event-listener.jar deleted file mode 100644 index fd07f62a743ee039a934e33de6d18ae9e28ac653..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9338 zcmWIWW@Zs#VBp|j_&dciiX(dO)gnd)hBHhI3?d8+48E=*j=G+HZu-8Cex7cw!6ACS zZoNSViw-FW>`hnue}JDs>T*WW>TegUZk@|`J9olTBef%qzH92^d(8ai`rT&Uu%W-U zf4ffWMJ}03<{SL3t0_C1aWv0lZ49{Z(oos^Vw2+cu)I?4X+04&PCnAHVkL2JUR3d4 zikEIbsCmiDyK$dT?bQe;x2`*f_AOg<P`5N8TKA#Y&0_c1m$#Q_X3d`Xb4yv@6ZcI` zO*ULS&C9dmomkoaKil0{r<_u5|K$J4osqgmn_Tbg?)iN9;ejnhJhPkG4!5K*?KC^Z z)xK@wjfjFjI{od9=2jn1$81^jyt*NV`?7pp>5=H)k6x@~mJ|$~c;xQC$dG?KxpQar z=iPrS{H)qzvEkl?>zfvBz9li?#?!fLHkJ3@eQ@XeZMF1G>wfU{ZCZ159sdmfqMLtN zxz=8PBk$+^R)FV5@k7xqzkIAa-2{(J@Jm=R<y5yxm#`s&DF5Y&O`eO2B>UN3eyGV$ zKE1klf98V>#)_x5EY(*paei#li`p|W@dGC)j<^^YI2gcj#DD}ik>d!V?9UX-C?r)3 zLdeRBQ;W(nlT(ZJ5$ZuvkF1`Vfq@~h1djqPh=P*R^32pcJnHz7EzV6W!>d>lQ*mO6 z9zi?w@o7sgN=+<D)lDr+%`4H($t*5O%}Xr;I~bDaK_T^LUYk=F0|Ubc1_lNVWW%zO z@{5agQ&J0Z@+)&e1{9YRl_r;z7NzP{<mM>U_Brx383?$3pR;IY?aFsCA~!0TY#Fu* z2W46>yDYSGFN^Yw85XPOf1mu_z5M)xqb;4XN7?$mGP1ZiUpu<6@%2+3{|j5E?z`U+ z8C6p;i}{$2<?^H=&l_P$mV3kVKQv0beN=qHI&QVYwhEDr{5KeuE|e=YoA;}bdy=8= zIfdqcc)zdOu{XD^yE;ET9u$)Z|M>i7S*6Foz@Wpxz~F@JA9&2?7p3cEr&cEC<R@n9 zfy1U)&lMCzKF|;fD9SI(Oi3+rOH3}wFRJv`xu~tFd*0{l<zhWAUmed<UGKBnA5ZG& zd7kyw<<dB%f7-`Wx5(Q^@1*`J76ycCK<VoLr{>-MObiUySQ!|MP?C)^IBxLStCyUU zSX?|e_;#L9ph)cO+YCY72^+U=>)JNWJMqIo^);P}*91IGlRRo<+LZlfo|`a}@$&vl z;<GazvHu7>X4@{P8RT7Sd422kxazmXb$|Z+l0CpErz+?a;i%H8k<{{KquI5P;LX2Y zt$w%hg00h=&P2(3!A?5@-e`0Pmzny1b(7~!T*>R6F|Wc-Y}$3B82^Yvm2Yn(FIJzU zBBD}zE4#&MVXAd)se)hW<!fxOI`0ZETfL9xTkgYMZMj#w=URkuWbaB@%Q1gj65Afn zHA-tAxN%9QaQ^o0w761ozRYiD7pMBevy+0(EnXrL9y??4x`f_<Xes-vBAEqwhq6v@ zICAmD674zLqpm-h>~s2>>E^|jZTtE8l<%=0Rt<>`*W7dNOY`TYh5x4&H5mWuRnIwZ zd2Pem?{4+W*WPwMsH^M}Tkm<}4||`0{H=A@r}VrEvi%X;G+)U)qT=}Z2U<QlQ~P75 zNxkJ>e^dF6j!1O<yqep^Jgd)d5dZ(xqpk7#t1qbnlX9z{ym)lsL-daF%EPPnNja^` 
z{1|)qN=*0;F0Gbc?!BQ4gf?-n+v&sUFmJyfM~v?O%GUIMuWX)GEdS(V<L;fl;QStr zhhqJPl`{@l^{?b)klu0D_~(9o4m*b#AA5eYJ&paz)9GK#qCH8$oRO8~UzTur%01m2 z_K^Nmm4DYJ%w4!Zll7tAJI^kgckyl;>llwRzwzk0yHYx}a$iGI_A$;`Rv!hb9TQYH z7|!uLTRmYuC$GQL<?}a=I0-~0Z&|Msrd5CN>(3WA#f~%`Q51O^F{x^D&Gvq+tc^#I zGCwGJ#tFL^E3h*#i10Enh@mFWoXpg`5=av44f|a$6Dn&v`S`gstCz{QP58ZKy`s&0 zw{r(=$l>yE@=}_uruOohiH2WUzS(4-v~9+lIX`xC*)41c)7{r~{!w&SUY2rhsLq4= z3iiM97ks^Q(|1#*d4~PVxx2s5`@Q#h^}hSR_kNfEzq5w*0CPpOv+S!-lNT8-E(fnk z7T@!^wQRCKpYOSjoCOL+SBlm=aAf`Z@mx=rhGW_Uo-Xcb1(Wug-B#f8J-BRgt?gfD z=YHG5B$c&}?wh;LT5U^sZMAxFcb&qs3{!okhi9~J$oq$%Wt;c($!_a>*{r6n8GUbW zI4W(M9e!bA+1{F>v`b(As<3}@QN8?!YrS>XT&`^)A3Y_1*YM_MgkN0vxc0`<1-Xl_ zKA9#w`RJc1P1e~3-uKr8l&8BL&f62;y6|z?o5=ThJ3Jb*e%2PZCK!f%oYJ+I>)V=z zY&p?Se19kE$In?jr`A8sRdGX%de>jBzAu)ar#-hSIyS@H_Vk=Bt$|PHB>rrB%+{vQ zbolENeZ}ooOCItaNsX}<-Et*p=APXJ0j^HR6;(uEC>{}X{B-05L+XjDLp&@q^JErr z?TC)r6@8q&pug$Z0afi&0`cr#!X^6ef<HRSx)=Qa^_JuQ8?lzludVn@m%iuu;QRXe zvt6Mj#dW2d>^ZnzGe`whI2>=T=&1CJl`CxTa$I;KC$D4vt1~Vi4XO`2FHRP^vHG## z%8Ox4?nhoO`q1ns=(BsLM&Cr$wMN0sM{XoJx?Ehp;Hr*Dj&}B`-bu!GFC~s9XcfBL z`n93&xI=nU_O>=#t7j)K{O>PW#pTU)yp$(#M&y~|pl9bY6F)uKvi3yM&XccZ=FMzX zwsJFErf@3Nw!87e(&KZ5ZKaGXRz6y6b*#|qU|$rQ#7@@plNj@R{J(feN!qM?oV-cT z#P6nSeUwnO({c5LX`Q_s`yW{Cdr?}fbmk4C=*_7ITI_m7<{p?OyjoH=`KqARvIE8! 
zt<ujGt#nrPk2+{lU6)|hsK2>%fg9%qgU%gYlC0L@FTRT`U)G{tq<rWMr+@3(1+}Sp z2O__&vC+M0Z51OjBPS)ERbi%9=xVhcFLi7xJ8D+e_;!SxatdsUIKORu<Eh(ar)#Pw z9XS;x9X!uEy@xA5uHu;DKVy@~nRc3|FD(~2lKtd_%iCGW4~?zty3ZTldNR>Fny-0- za@^*MS3maj=|AZ1nWWwCcv|aZqSCcFwQTW0A5&%HC$cA1^YVB{I{w=fIcJ}n^+JKG zc2m7`xz4|;@Js8Pw)s!a&xBPK`%b+$a3L!!!=hQdw8r_@B15C*L*LKt>2N$4Ia4QE z^}+3+2k$j3KHOWLk#nn9Jf)MzH0!Xp)xPfcni-4kPGy?E!t7%9?0x5}wmr-}bh+kr zAJ?pKA+zLLu3Gm4>{z2yWctLPtF@Y|WuCa2cWsOD)KjsNIULJ$<Iml#nSSZhvZmMU zLB87FDZv*vhp(Gh^=;;!*Qd35JsU;ec;&|kcCISk`S9GWt<9z9qRVH9#xaymzOqU; z_V<QD&m(I^LR~}BLqZc&x6hH>5M$EMmR44FK_}$T^)N#fQQKKtwflK;ujp1q7M_{3 zz&F*C&-3(}^S0}xe>A3xoqBrnzR<x`-qSxecU@1N6%)9jTsL5v@%wXKUVBcZKASO< zH>Q8;kC;-XkcQO7f0s?(+`8ZV?XJy7oq9j*x#(1Bd!^yJ)$Z-HUYO=qPgy!$e|mP$ zW5dbsp7%_-Xm4hg!*Txc)_JKB7K>ayhF_b+rBuK>Q+v;^!zm9<m@N;?s7?&yjz4-| z^v&=6HK8AuHQjyBn|kJSf?Y|-KAD66Wj_TTi(@ybnXmqh{b7ditDDbfPkPI5Iq6CG z!|fjr2u%rhK2f=CV!;MU{moZTGyLJOf3}^|-cda;X3d}3iv#=i3TN+X@qO8SLoEBH z*21l?txW3jt2xh}-jQsxEuXVI?(MD?X4N~U6&qR(U!Pz#FGJ&DhSIl%LRCT=_uW{m z%A?{X;bXeRT;TgeA-^rch6gwH-@kt2(hlDI`R?t1_La(QO!ev8ZW8Cl7jfvz)zpZ` zr)S8jSLAUnpDwUOY0_DzzpqzlCvLP2I<)+F@T<}-u}6a6W^wwTe!2cs-0N29|BrU9 zkAEN;b8KdzQ2j%reViq_52M55dFR$M=Wn`nwf&OM!ntqDytXv2e=+yUcG2paa!*_f zC3Y9s=N)$5^GUw7(eapav+WFpLr3i99ILZ&{dw+F<Ts=6KU|!9j=A46y>ry|-9x?d z$GZEj{qyt=`gL5hoF)9jWrHU6LO%P$=QaN&?rGqzXzgL!*bx6<dd7mkI&c5ZQnd8W z-hVKE=O@umKV`44+9GxMec-oevN2C2b{JPEu6V!5`RKc4(kYUO>VI~JyL!2{y(oXm zeT(b%UGtQ<58AVh4gWO0md^OdGx<UPYRS^-9qhuY%i<30yuQIVZEDce(Al25Mbd5w z>9y{E{XzX)4Dapz5AtO$->7E3?z#K#e$*!4)VOl12p$H8Rv88cZPYpycaslN(Qb|4 ztO&U(`p<ux`Ai!Ho@|E_j>a=7i3$o%hmtrPn<h7KvarU)rNvEZJn1v1QrIDTZApIa z+qez4_HJF9D>^+RX=@o{^wz8E$`<dw`!=n7?OV(5duRF_N}06&e)x}~`?2Rg&3`)2 zx_`gPFOCM^k`uj5B3T-j0(*p<ekvxP;Be`Uh))PVuV|bi=w;@XB$#cy@WS)=dac|` zrS4drS|B`4I_!X#Z0C%P4&H}MbT*fs=!rb&amgq-Eva0|PK0wdXVWy3$tOK*j;S|& zbcuhkp;AYrSGt{<`QrvjUpBqcW3k`1Ei*cEM2GjORoY?a2(w;e9Sv^*Sq~%r`S$A5 z{UZIjud1v%bJdXlGw0DPcH>#kcD7n+ZRk+!JocNT`^rjZ+m9(m2ZU<{-Skhy-+ObY 
zl4b8<n@6$pzGxNPv5*(f`0y&C%ggDgMccAB9&A_K+}57o@=ZqCgwtC+Ys%ihZ6-Sd zTc1jWy;#xKzoEdWQ)1bMo0DI?Rt@>xlzi>oCZRnmH7zdw^Zl16o)ytv;bXY^{+U@j zB%7>czeac#L>B(mQG75v=7ie+ooBo@a;-Ksc@fdPwMDhkG{tZ3+UZ+L-)6p5i7`-> zTD`&VxNF4uU$d?+>(SVK)Fz(q?YC}QsZx_f<%4G%@{M(sm2Rj1mYEnFrXrPL&Nkad z#%OkF&cUNTS2<eGIG#2;dt=+Z5S^5b=4{*Cq8@Eb$!e%wz!QCOQR3{rupIR>67Eyh z-jVj-BDJv2X=y%}*T1}pW$k@tZ?-HAU3XJV?abGw3_Exnw`9M#u#tOr<Q2`ivmO0} zRo9$-C|}96I`)@Vk#%WFBENg6R;HT7$yJ_@3iFF}+)X;u?pl58Ok1kcqO+~_bOGzP zY>Net71pU#ELU>YC_a~GtG1!!=Q5#+T~=JazgsH)U$t7-crbCINpfQ3t+a@?O$q-t z3;8M@l2M;kbM|3l$K9{qEVHeu4o(bNlT;!!Jyl4s?7W|`q`#`uvhoWXeo2Rh$hn0a zZs?oQ5HVHTh3BET#AB}+OL_7p-#R-bM&gWGUZKU(PW2KM!-pNRvrH#HQJ)?AE$&>0 zGt2pPj>d@{)&0o@A;%44j&Bz*KJjLQ<&|eo4f2dPS4gT~GgJ*<7Chzr{TC_gr+a_f zHSxj>>r~$s&GK)%IFFm|2|B*|L)M|LmoNP_ZrxVZ)RBK&*sycv`CUPK_|{+lz$Tl2 z<m{YX%Q;z}ubg)7+B4g=EiVs0Pm6nfM8^6~1^2yG4|A>V^_BN%^Ig*1Z!+_hr`6xe zecNOVc7D)1S9mb@?C$k>x5L_mEml4ZlYM_MSJ?R9k%UC^6#E-;o+@k8x;wuv(Fx0N zJ-23x^4GZss!R9yD=nOH(nHI#k^jYy1!tB_b~z(qV5?9Qaoqhw;GrhQ#~V(*G)sy2 ztrWIjCGK>>91iQx@zW-sdm?bQxBuZ|DZ7P_{c0u!o?W$Yk)Y`0)aH*%uBNKBDJd2^ z33*I@s`4STY*AW%Pd4|-&G+h*U%oXwJHvd5*2WFjJ6iWTow&Vcx9{P*b4rh$*djOe zcDL@kL$)nHZ~r{?SUBvCw9%qK%LH~W(RY^%_lt<ArYQ;ff61z7*xr9PXq$!gV?n*| zF%pU*S1RvH9CHrxuWQ?25&dmio$|$_+c!#b&s@{k?tR{!<;QuUYfm&~rvyJcQYbP1 z^2f@WMs7ppGdK4o7UdnhWAu4$T*qalBe_M4w#y!SXa3*Ndr|D$0*>XjYtCif{J5lV z{RzI<nyd|$GJXX=UpjW~{k5fU{mE5#7OiEP!9Gi-?BVPn^P27r2hC@y1Wy%Q^v-zF zwlc4ry71%QKhz%bd3I&areDUX-S+v5&fGf1a(+?tVg8*7^R6-Sdwoo9e5Kyv`}5NE zA0?A67p1H2oO3i;Xv+ClKU~?iFg|<I810~aI5YBJZ{Pi8g5f6@IJ2(JTmLWaxcntC zZmE|?C6oF#S6n)L^+aal>rC-~UJC0|w(NiXgZ<yhKTaPdw8gxim0tcUcjgfHqHo<T zUoW3xvNZX&Kt_MZ2YJ8NKLQ0!-5sk-wIqtW{!Fb{7v!))<YkDDYT4B(dY@h&*Ay|G z<hgv!$)8>qPaN$t&SaSPd*0`#>x$Lv9{;&pb9d_psp~wBWuN-4IP}lFk^IG_@|bW> z@urt%LV}XklU>8=TiyoB&bfAYQ|H5;<=itrf8J*oG3ilD?DeYUTAYzQCs#bTF+R8Q z*^FhG#_@C7&8Po~ohE2?=IXx1sb@`A_x)AccKgJtYhga`6?Rwg|9|`3ey2l|rO<wk z^DdKulx2b>JK}pMKULe;^>f}!lix=eID<p?NQD}{__^>&abWTS^_-BU-Wyh3ZPA_l 
z>_DcgcyiDQoukd?B2$*O^<;ES)hd^;{uj74>lAywSnc&=0at!rJ$!em*T%PkhI7pO zjn|2Iohi?@$t(0s;n_AjtlnnMoKUCLcds~Pn?$X?+`6T2K4-Fz^2UWf5{(5y4t?TW ze4QimBTII;*#z4vqv*2d6V4{E-~SwF94Xp!oPRmnXJ?Cd3r?N;e|gbaqyLfrcdpir zi7s)~*}QVjHUAB6^F)sSFfBUi=WBH}AlLHhrz2_RxeL2Zv!3noiT=5^m`^{teD{>w z^VmKf`7iI1{<~3T))U4fuD5@P?b~N0WyYp0t-W&7xoAnw+j~z<30|@4A+O%8bAsCI zm-)`wT3&F=|HgjC69ILi9G0csJ<V@UX?~qBEs)(hR3&!vi6eRE=C4|J+l41<`GPx3 zFBe5UT(o!2rpGtG?|5@x{rA(hX$M8mXzR}E;Wzkt@5^5u;XiTZ?!6m7UX59+vMFws z(Q(FLk4q2T3k`EuEz8>X;&zfu*sDuMlcl~I8C~8q%kA%+37_&)U%WXRamqE4vBN}< zLHy+UN`@uRE?g~_d-nM{@5EJ8%6C?7Y5y+%p*-&_^MYBoelNUwr7wZ4u+iqZ$a(RA znO4z9-a6%J?}&?Pv5fF>D&AK+E$xEOiTyjf#MLuqxjyA<SN}0(j$H-6ScTYizT}ez z(>(9TA8w8^<+yQKeBP0&cexTr)e>0FvaZ<4UtIBQl3+|!Lz!Hr@{XQ><HgnP1(k|c zS+Cj)r+P%KP+6P8!l3_T`Ux(b!(2MYqe7CkYhJX;vj;3!S)Vv_+oGnl$sup<_MDKJ zb$Z3dIg+`2muzO8kJ5QiXZV8EPNz$Ei)iwM?g}Xjy;EO!ly&acO?xw8al)M6*RB4F zeDAmT``Y!R^pyvq-=<xkbL3g|hp6iFv;C5`F8)4y>OEP>y{}uVDo+~Z1)ee&yBZ?W z8(gotB=)GnnzUpS1A**-;|w_mT5oigzBuG+utDzn;)(GOq(w!tBe|L5SX~v@Ptnjg zl5*TQKxR2t)RDHS_mZso?<z5$^6j~A>T_V*H%~Q14YMm%_bi*r#T)j%ESvQ0Z%bee zM}<H+2gm%R1Md#>l)aq4O8VH|<sv_|wq1?wGwS}q$`sS{`NEmcw`H`qZOB^dRiIz| zY2lP<7k-}Nmo|E2rXiYhI#c7t<$~!Je^`Akh;5$szeTq9XGQ0%jNmDy)fX3rE7)^c zv(GR7V*N{?ZT$zE9}I4{k4jGOd6f7e`dMJ%wZIy~yY|Li`pbV;yML_M_5X;*zE!_| zSA4i4c}7ghzxUDWnJ0PEA58SWtFiAP3-jVHZ+ENDusZSa&bf&<4|2RsI{f~aTTGkm zizk8N>yE^=+}u5RhgP%1>3IiVu6X;<N7*ed>eY;`BCPt4ym$|Pp7P4v>R+9)yjXpG z*_`4&{!{OH9<!Ilq<zTLS*0O#T<&Q9rCXoZ%};AQa(I5~Llu)t0dH5^H=h-C{i^(9 z=Z^FGS5x*r_Sx^%U#GkH{!;hzCtvh`D?B=j^Pgt#c9sho|K>FQtZa+St+Hd@*AgOj z?zZ9V+j4a!trpW~^c2ePulg<dk>hbSN8msE4#vJ_i9AP{?Vn%xx&29uSaVrm-Z8;z ze|Gt-Fl><gGe7l@>YB7ilIp^`#}|jJG`gsDXMIl4k{ly$R{e*5z0)!+4o-^<em70~ zY~iWt)_yP7TQl!H_j!8apSNKZSy?yB|E0bzVNYB6aR1wf5r;My|F)}(i91)gZT{nz z3DcJUn935cH|x{N6(1(guYSoAV3C|AdHRrRkMe0THI0K2YK?z|(yb01k%*pGT0TW{ zSAgyQM-LY5@|mF*`unD`?K<|AAL4W@mL4kVxgry`IBsIRC*wc9B(t@Tc6Mhl=PvQx zv)y&;+Esg9w&t$d8?yE7s=H6;>^x(+*?sHXReNK${tm4U*c!g_o7B~B0XOyq{q(%# 
zE*SDh9MM79F~KtGvQv?+5;Frs2`>YK8S)4@WQqbY>wtawpdddNGy!lmJlFrWfxy3e z@q(c>y>}1ANpK}zTH-l5VYZ3H@3xrdQZX{eH_ctf^YQ+3i}#wEbC+=*R4=NV_xbVe z&vT{c<O;o8>zFyM>+(yPv&-Z-X1VzsS$=u->GS_Se$ko360}r%!LiL53;maGKXyX6 zM|cxkV~5HYv4B-cfBxQPt!qxZcKXQb|1wWg7Dqat{w(v<y|2Jx_Sui?yFbfcb9Smx z+oIUyG=1I8&a&0dHC2zDtSPI`=h=8MF!PHn-_7@#FU+_nnK1p^+~e{hjQP%HU#~eT zTrHf^t&VFh`P6kfy_Uaw(Dte3PVR!-+(H-0Z7NqHl6gOSr!&4=v$aJ__hI6~XSofp z-v_a;YxSwp>Tpy$E!ol7^6py*qv3<*-sX>%m)TfW<O((_aJF1@YV@g{G&4HBIm(!e zu}pjNU9HnkIZQ%*#5%d{ch=f&Uw{4G?beVrJ|8!nSh(&~t8Qtjj*Es8oAJgF7wM^i zlQl2w2<d$OLYA-K;JWg7X8)yAuXJW7=j6UE)bG;ZcrP{M-Q3NNH@#A9d}Mf@vc5?U zk8JREn4gl}%<=8^)%=Rer?I<PzOGqoXCrXK@WnE&(2toCCH&izvYTH0IDemgM|wu# z)2%Dsy1!ty;w!js!E)JTVo$S^)mf3&4-Xc;{=IP-f8ydio<PGH>32gm1e$YM2>jhM zN6Nh5$#sVKPdaILXPoJeVZPD1N<T?my!580z{K1ofB%>~`|Viy=B88I_Z^waCZQin zgbPJ{*B-cVDrPgsB8KVr_cq-Y`}Y5eSnLtDVDE2IroV$WZp}?z@4fr&tzV*=YMkY+ zZ%^kOl&qC}y4rP>>7&e?_ceRkYudj{|2ge>O-Msa>Ji&hDb2mxzlq+|cq@D|kMH82 zWd+8cOm0rPv9aXW1Eu6W-qA*mKdvV&>$7o;a`4ugy-qGee{JpKFpE{w<1Kl#?3E8n zusu0>&VF8q`}*gH4jw+Y^P@$@sjoE`LUbbMtUS1QLA&JagNGO1R_^t^^ROeAqoQ5J z`pdkI|8<@xbA5Gw{*8aOIO%6<%6G5haSQh(8^s94*?hb6|G!lGtwpb^1Mf0^_tB_x zZmma~3EI8xK@w;_3WROR%XI}s`30#(C7G$kyeAyF8WaRrFYGN3RLXkEXmu=Mzr+N? zW9wu0-}`j;-m&62kuxmfT3HKUskYXOwF?LeAB)&3%*HQ#Z);@S_AN_nYY;^OXdXb= zBjj8%0|UcG1_lOUWXE~>xwuB?`FIA0eD>1$bjI6r?FC+MU9EFx&TkGfxMKX^kr#MM z?5ZzlPVC~@laNWVOQ*eb9(^k1ExhveOL4RDmtx_@RTp;r>Qt>#UHWuph02$Ww;BWD z=0t@|n>i=y%+v@bmtO&wcQ6EaGct)VL#FaTuHrzOkB3dtE@=d@u+7dxOu#)`4ARHI zAi(g}aS0>R{64Za(3~hl8H5yqPz(@lr;)Y6XB3h3gB%Xm!oa`)noWlALDv3egw8F4 ze2U$jpxI@F1{o%>2KYQMZhfHHW`sT$CM5qs3U++11kFApG#6rOM$`)Ui~-F?BaB&r z&lv2L3&e0p5&*>n`s_5sa0Z4YjbD)s&%!@fjczLX95KSwqs&Ob29IA-XN-~U1EmM_ zSzv^H!7RwpOYEF5y7}nScnI@9v7wlcG^vMf2Kuli!VEV)6f+17Vj>%it+|0P__-8P zU_;U<BAH=NAJE1JvK^oRMlW0ucErk&We1|DMYjsQs6<%x3)w0}!5QGq$_7#-z#zbI MjfH`sPaebr0O2a{UjP6A diff --git a/dbrepo-auth-service/dbrepo-realm.json b/dbrepo-auth-service/dbrepo-realm.json index 4dbc95d099..a957245673 100644 
--- a/dbrepo-auth-service/dbrepo-realm.json +++ b/dbrepo-auth-service/dbrepo-realm.json @@ -2223,7 +2223,7 @@ "subType" : "anonymous", "subComponents" : { }, "config" : { - "allowed-protocol-mapper-types" : [ "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", "saml-role-list-mapper", "oidc-address-mapper", "saml-user-property-mapper", "oidc-full-name-mapper" ] + "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "saml-user-property-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper", "oidc-full-name-mapper", "oidc-address-mapper", "oidc-usermodel-attribute-mapper" ] } }, { "id" : "1849e52a-b8c9-44a8-af3d-ee19376a1ed1", @@ -2249,7 +2249,7 @@ "subType" : "authenticated", "subComponents" : { }, "config" : { - "allowed-protocol-mapper-types" : [ "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", "oidc-usermodel-attribute-mapper", "oidc-address-mapper", "saml-user-property-mapper", "saml-role-list-mapper", "oidc-full-name-mapper" ] + "allowed-protocol-mapper-types" : [ "saml-user-attribute-mapper", "oidc-usermodel-attribute-mapper", "oidc-usermodel-property-mapper", "saml-role-list-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-address-mapper", "oidc-full-name-mapper", "saml-user-property-mapper" ] } } ], "org.keycloak.storage.UserStorageProvider" : [ { @@ -2265,8 +2265,8 @@ "config" : { "ldap.attribute" : [ "createTimestamp" ], "is.mandatory.in.ldap" : [ "false" ], - "read.only" : [ "true" ], "always.read.value.from.ldap" : [ "true" ], + "read.only" : [ "true" ], "user.model.attribute" : [ "createTimestamp" ] } }, { 
@@ -2289,8 +2289,8 @@ "config" : { "ldap.attribute" : [ "cn" ], "is.mandatory.in.ldap" : [ "true" ], - "always.read.value.from.ldap" : [ "true" ], "read.only" : [ "false" ], + "always.read.value.from.ldap" : [ "true" ], "user.model.attribute" : [ "firstName" ] } }, { @@ -2301,8 +2301,8 @@ "config" : { "ldap.attribute" : [ "mail" ], "is.mandatory.in.ldap" : [ "false" ], - "read.only" : [ "false" ], "always.read.value.from.ldap" : [ "false" ], + "read.only" : [ "false" ], "user.model.attribute" : [ "email" ] } }, { @@ -2313,17 +2313,17 @@ "config" : { "membership.attribute.type" : [ "DN" ], "group.name.ldap.attribute" : [ "cn" ], - "membership.user.ldap.attribute" : [ "uid" ], "preserve.group.inheritance" : [ "false" ], + "membership.user.ldap.attribute" : [ "uid" ], "groups.dn" : [ "ou=users,dc=dbrepo,dc=at" ], "mode" : [ "LDAP_ONLY" ], "user.roles.retrieve.strategy" : [ "LOAD_GROUPS_BY_MEMBER_ATTRIBUTE" ], - "ignore.missing.groups" : [ "false" ], "membership.ldap.attribute" : [ "member" ], + "ignore.missing.groups" : [ "false" ], "memberof.ldap.attribute" : [ "memberOf" ], "group.object.classes" : [ "groupOfNames" ], - "groups.path" : [ "/" ], - "drop.non.existing.groups.during.sync" : [ "false" ] + "drop.non.existing.groups.during.sync" : [ "false" ], + "groups.path" : [ "/" ] } }, { "id" : "b6ff3285-35af-4e86-8bb4-d94b8e0d70bb", @@ -2347,8 +2347,8 @@ "attribute.force.default" : [ "false" ], "is.mandatory.in.ldap" : [ "true" ], "is.binary.attribute" : [ "false" ], - "always.read.value.from.ldap" : [ "false" ], "read.only" : [ "false" ], + "always.read.value.from.ldap" : [ "false" ], "user.model.attribute" : [ "username" ] } } ] 
@@ -2363,10 +2363,10 @@ "useKerberosForPasswordAuthentication" : [ "false" ], "importEnabled" : [ "true" ], "enabled" : [ "true" ], - "bindCredential" : [ "admin" ], - "bindDn" : [ "cn=admin,dc=dbrepo,dc=at" ], "changedSyncPeriod" : [ "-1" ], + "bindDn" : [ "cn=admin,dc=dbrepo,dc=at" ], "usernameLDAPAttribute" : [ "uid" ], + "bindCredential" : [ "admin" ], "lastSync" : [ "1719252666" ], "vendor" : [ "other" ], "uuidLDAPAttribute" : [ "entryUUID" ], diff --git a/dbrepo-auth-service/create-event-listener/.gitignore b/dbrepo-auth-service/listeners/.gitignore similarity index 100% rename from dbrepo-auth-service/create-event-listener/.gitignore rename to dbrepo-auth-service/listeners/.gitignore diff --git a/dbrepo-auth-service/create-event-listener/pom.xml b/dbrepo-auth-service/listeners/pom.xml similarity index 84% rename from dbrepo-auth-service/create-event-listener/pom.xml rename to dbrepo-auth-service/listeners/pom.xml index 47abc95613..e70201b96a 100644 --- a/dbrepo-auth-service/create-event-listener/pom.xml +++ b/dbrepo-auth-service/listeners/pom.xml @@ -33,6 +33,8 @@ <maven.compiler.target>${java.version}</maven.compiler.target> <maven.compiler.release>${java.version}</maven.compiler.release> <maven-compiler-plugin.version>3.13.0</maven-compiler-plugin.version> + <testcontainers.version>1.19.1</testcontainers.version> + <keycloak-testcontainer.version>3.2.0</keycloak-testcontainer.version> </properties> <dependencies> @@ -70,6 +72,19 @@ <groupId>org.jboss.spec.javax.ws.rs</groupId> <artifactId>jboss-jaxrs-api_2.1_spec</artifactId> </dependency> + <!-- Tests --> + <dependency> + <groupId>org.testcontainers</groupId> + <artifactId>junit-jupiter</artifactId> + <version>${testcontainers.version}</version> + <scope>test</scope> + </dependency> + <dependency> + <groupId>com.github.dasniko</groupId> + <artifactId>testcontainers-keycloak</artifactId> + <version>${keycloak-testcontainer.version}</version> + <scope>test</scope> + </dependency> </dependencies> <build> 
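Review bot: In the LDAP provider hunk at -2363 of `dbrepo-realm.json`, the new side still carries `"bindCredential" : [ "admin" ]` next to `"bindDn" : [ "cn=admin,dc=dbrepo,dc=at" ]`, so the realm import ships a default directory bind password in plaintext; the hunk only moves the key. If this file is used beyond local development, the value should be injected from a secret at deployment time, for example `"bindCredential" : [ "<ldap-bind-secret-placeholder>" ]` filled in at import, and the directory account should not keep a default password. The diffstat shows the same realm being added under `listeners/src/test/resources/dbrepo-realm.json`, so the value is presumably duplicated there.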
diff --git a/dbrepo-auth-service/create-event-listener/src/main/java/at/tuwien/Client.java b/dbrepo-auth-service/listeners/src/main/java/at/tuwien/Client.java
similarity index 61%
rename from dbrepo-auth-service/create-event-listener/src/main/java/at/tuwien/Client.java
rename to dbrepo-auth-service/listeners/src/main/java/at/tuwien/Client.java
index acba01a663..769ec49097 100644
--- a/dbrepo-auth-service/create-event-listener/src/main/java/at/tuwien/Client.java
+++ b/dbrepo-auth-service/listeners/src/main/java/at/tuwien/Client.java
@@ -9,24 +9,36 @@ import java.io.OutputStream; import java.net.HttpURLConnection; import java.net.URI; import java.net.URL; +import java.nio.charset.Charset; +import java.util.Base64; public class Client { private static final Logger log = Logger.getLogger(Client.class); - private static final String WEBHOOK_URL = "WEBHOOK_URL"; public static void postService(String data) throws IOException { try { - final String urlString = System.getenv(WEBHOOK_URL); - log.debugf("WEBHOOK_URL: %s", urlString); - + final String urlString = System.getenv("METADATA_SERVICE_ENDPOINT"); + log.debugf("METADATA_SERVICE_ENDPOINT: %s", urlString); if (urlString == null || urlString.isEmpty()) { - throw new IllegalArgumentException("Environment variable WEBHOOK_URL is not set or is empty."); + throw new IllegalArgumentException("Environment variable METADATA_SERVICE_ENDPOINT is not set or is empty."); + } + final String systemUsername = System.getenv("SYSTEM_USERNAME"); + if (systemUsername == null || systemUsername.isEmpty()) { + throw new IllegalArgumentException("Environment variable SYSTEM_USERNAME is not set or is empty."); + } + log.debugf("SYSTEM_USERNAME: %s", systemUsername); + final String systemPassword = System.getenv("SYSTEM_PASSWORD"); + if (systemPassword == null || systemPassword.isEmpty()) { + throw new IllegalArgumentException("Environment variable SYSTEM_PASSWORD is not set or is empty."); } URL url = URI.create(urlString).toURL(); HttpURLConnection conn = (HttpURLConnection) url.openConnection(); conn.setDoOutput(true); conn.setRequestMethod("POST"); + final String token = systemUsername + ":" + systemPassword; + conn.setRequestProperty("Authorization", "Basic " + Base64.getEncoder().encodeToString(token.getBytes( + Charset.defaultCharset()))); conn.setRequestProperty("Content-Type", "application/json; utf-8"); OutputStream os = conn.getOutputStream(); 
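Review bot: The Basic credential in `postService` is encoded with `Charset.defaultCharset()`, so a SYSTEM_PASSWORD containing non-ASCII characters yields different header bytes depending on the JVM's platform charset and can fail authentication on one host while working on another; encode explicitly with `token.getBytes(StandardCharsets.UTF_8)` and import `java.nio.charset.StandardCharsets` instead of `Charset`. The header is also attached without looking at the URL scheme: Basic is only Base64, so if METADATA_SERVICE_ENDPOINT is an `http://` address the system account's password crosses the network in recoverable form. Confirm the endpoint is TLS or stays on a trusted internal network, or reject other schemes before `openConnection()`. `log.debugf("SYSTEM_USERNAME: %s", systemUsername)` puts the privileged account name into debug logs and could be dropped. The body of `postService` continues past the end of the hunk.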
diff --git a/dbrepo-auth-service/create-event-listener/src/main/java/at/tuwien/CreateEventListenerProvider.java b/dbrepo-auth-service/listeners/src/main/java/at/tuwien/CreateEventListenerProvider.java similarity index 85% rename from dbrepo-auth-service/create-event-listener/src/main/java/at/tuwien/CreateEventListenerProvider.java rename to dbrepo-auth-service/listeners/src/main/java/at/tuwien/CreateEventListenerProvider.java index 8ff079f8c3..b64320588d 100644 --- a/dbrepo-auth-service/create-event-listener/src/main/java/at/tuwien/CreateEventListenerProvider.java +++ b/dbrepo-auth-service/listeners/src/main/java/at/tuwien/CreateEventListenerProvider.java @@ -61,13 +61,27 @@ public class CreateEventListenerProvider implements EventListenerProvider { private void sendUserData(UserModel user) { try { - Client.postService("{\"ldap\":\"" + user.getFirstAttribute("LDAP_ID") + "\", \"id\":\"" + user.getId() + "\",\"username\":\"" + user.getUsername() + "\"}"); + Client.postService("{" + + quoteAttr("id", user.getId()) + ", " + + quoteAttr("username", user.getUsername()) + ", " + + quoteAttr("email", user.getEmail()) + ", " + + quoteAttr("ldap_id", user.getFirstAttribute("LDAP_ID")) + ", " + + quoteAttr("given_name", user.getFirstName()) + ", " + + quoteAttr("family_name", user.getLastName()) + + "}"); log.debug("A new user has been created and post API"); } catch (Exception e) { log.errorf("Failed to call API: %s", e); } } + private static String quoteAttr(String key, String value) { + if (value == null || value.isBlank() || value.isEmpty() || value.contentEquals(" ")) { + return "\"" + key + "\": null"; + } + return "\"" + key + "\": \"" + value + "\""; + } + @Override public void close() { } 
diff --git a/dbrepo-auth-service/create-event-listener/src/main/java/at/tuwien/CreateEventListenerProviderFactory.java b/dbrepo-auth-service/listeners/src/main/java/at/tuwien/CreateEventListenerProviderFactory.java
similarity index 100%
rename from dbrepo-auth-service/create-event-listener/src/main/java/at/tuwien/CreateEventListenerProviderFactory.java
rename to dbrepo-auth-service/listeners/src/main/java/at/tuwien/CreateEventListenerProviderFactory.java
diff --git a/dbrepo-auth-service/create-event-listener/src/main/resources/META-INF/jboss-deployment-structure.xml b/dbrepo-auth-service/listeners/src/main/resources/META-INF/jboss-deployment-structure.xml
similarity index 100%
rename from dbrepo-auth-service/create-event-listener/src/main/resources/META-INF/jboss-deployment-structure.xml
rename to dbrepo-auth-service/listeners/src/main/resources/META-INF/jboss-deployment-structure.xml
diff --git a/dbrepo-auth-service/create-event-listener/src/main/resources/META-INF/services/org.keycloak.events.EventListenerProviderFactory b/dbrepo-auth-service/listeners/src/main/resources/META-INF/services/org.keycloak.events.EventListenerProviderFactory
similarity index 100%
rename from dbrepo-auth-service/create-event-listener/src/main/resources/META-INF/services/org.keycloak.events.EventListenerProviderFactory
rename to dbrepo-auth-service/listeners/src/main/resources/META-INF/services/org.keycloak.events.EventListenerProviderFactory
diff --git a/dbrepo-auth-service/listeners/src/test/java/at/tuwien/EventListenerIntegrationTest.java b/dbrepo-auth-service/listeners/src/test/java/at/tuwien/EventListenerIntegrationTest.java
new file mode 100644
index 0000000000..c3d6ee94cc
--- /dev/null
+++ b/dbrepo-auth-service/listeners/src/test/java/at/tuwien/EventListenerIntegrationTest.java
@@ -0,0 +1,18 @@
+package at.tuwien;
+
+import dasniko.testcontainers.keycloak.KeycloakContainer;
+import org.testcontainers.images.PullPolicy;
+import org.testcontainers.junit.jupiter.Container;
+import org.testcontainers.junit.jupiter.Testcontainers;
+
+@Testcontainers
+public class EventListenerIntegrationTest {
+
+ @Container
+ private static KeycloakContainer keycloakContainer = new KeycloakContainer("quay.io/keycloak/keycloak:24.0")
+ .withImagePullPolicy(PullPolicy.alwaysPull())
+ .withAdminUsername("admin")
+ .withAdminPassword("admin")
+ .withRealmImportFile("dbrepo-realm.json")
+ .withEnv("KC_HOSTNAME_STRICT_HTTPS", "false");
+}
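Review bot: `EventListenerIntegrationTest` declares the Keycloak container but has no `@Test` method, so the build runs nothing from this class and the listener is never exercised; as visible here the container is also not given the listener jar or a stand-in for the metadata endpoint. Add at least one test that creates a user and asserts the outgoing request, or hold the class back until it has one. The image reference `quay.io/keycloak/keycloak:24.0` is a moving tag combined with `PullPolicy.alwaysPull()`, so each run may test a different image; pinning a digest, `"quay.io/keycloak/keycloak:24.0@sha256:<digest-placeholder>"`, keeps the run reproducible. The field can be `private static final`.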
diff --git a/dbrepo-auth-service/listeners/src/test/resources/create-event-listener.jar b/dbrepo-auth-service/listeners/src/test/resources/create-event-listener.jar new file mode 100644 index 0000000000000000000000000000000000000000..221bdd325f056ff953e0a44a46773470eb08e91e GIT binary patch literal 10015 zcmWIWW@Zs#VBp|jXf?Bn$}+iqu#k~~;S3W4g9rlygRg6dqpqi)o4&83pQoE^aEP9- zTW`>5zrzLsd)!ai|6tEqF7WF_?;%DlxuAu2%xCj%on<j~ujkAAkCzF!v^F%q-CDlK zc-~jrh~P=-Kb_9aK9-iWWRk_MA{L+4Iq!`N`DG&uUl!zA6+Mbs%6?>zX{e(3Q8&9> z&cj<hWn`6trC9i;KH2=R%P8<k-?rYCY1c1Je$8`9v*>}{Yw!7Lxfgf%=sfHFu5`a! zRrC>?MPJ_QTvyY`f3x4S{OS#e{WIae`tz*H>7AyZucb%5FSAbdTEFA2<R-2F#_VKo z_Ia`0cdS1B((peXXiz0HjkUz!Lu_!~0lxP6vYglKsw!VNs4dVtmbt&a!OG_Qxf|cs z-sk_Zk;`^Uy714&+Cx!srq_gu=6{b!U*Gn7Vd;$Px$8Ep{Mz;{!gPZqljtO=-}@C- za?d(^I5pK~vTC``o+amGG9NM-crK6-R$A)W={c*9A^mAi$T_v=md{LNeG{wpY%jVx zy?B4-g*P1~vNkH;mo60-VyVsGbUSv@8Wcrb3=A9$;3#510-VTEgizLEW)+2`ia`ij zS#fGnS!Qx-u|7gQDCUvXGczzSB$nV&zy(oIQd*vwnukXnKeENSiDh^dOJXWcEYTxq zhdw@S$wjG&C8@fpWvO{3x;dG}C8>F-MPLU*(mW`n{>*E0>SADE_`txxpn+^yR#JX( zv2IFgK~8>UF35o5lA_Y&lG377y^7o%h1xzxz9s_!*Y9%{&8%JdE=J@=C6g_~HsPR5 z>t&aPcJ5_So-xB>_5AOXzq^;8e{i&=Q}!rZ-&aN!H|J|d7dF0rs^foQ>(qVsJ0hcM zDrPYs)3IEhROERhEXi_jc>ae*iMNl6PguvTcGy-SvXTD=!_tLvg=X`96>?89^gXB0 z91!pKRXg_PwslwMr^kb065$`8-z=;27#J9I7#J9wko^OX`TU}Ez3kM=<edD(Y&~$; z6zjQyg2)FNLIFkjWtl0dMQ(}7CHX~_-Z~exHFeMXoV{GE=jE&8S*q)OR{P^g9X-#p z-nv{Gr}R(zc<L5;`{<q2U&X?Ja1AJ3{r}Xw+n<Sn;TkIggAq!yaR$c?K6~|&a}tY- z=LX--6ABcGoqd}js5@cf)@@zerg<lRIH<m+Q}LRBr)iQ$jZB-e-^_CpW-?yhe@T3H z#v}G0fyZpy1vP`bYb~#Dy&hNnwz%%kpI@>E80Az2ogy4nS~ZedzHBtR781Pq*Q?d< zHeRrGdefOGc`w*$N5C764&gFW|F3THyooD$-81G@*ojTMZWQAmaj5d`jpW7Zb5ulB zYHww?I4w-It}RvYE4_S;?N#Sp;bp7$@qEjDxT`JqYWG}=Fplh9DQh|AZ%bm^<GDs@ z?E^P1$rR4t-kla#O3s)0?d;-Ie|UCM(7DA+M8acdEMAw;8xSpJe^n&2An#Dt=?zCN zzF49?XM5E3CzE|nUo+jj*s^UuKcDhF_QR?n(czkV&V6bAytMHDw4w&%U%l!%=Pj>o zSo__re)-zl&IfgsU1IA!Z~S5J6Og~P?)sFTS3$NvVw>hGnMYI{KmS0>M`vn(>@=yj z-0N>D-_a3?uAf(PyO?M7`3>U#zk0Maet-2PRbWzX^^+HmE_{gIQC@j?)jlbwRhb`S 
z4_}E1-@&ET(#yR!bb-(&?sYqTI34Eg_v47s{a@Ld{_mB|vx?=Pd~Dpk(-)lI!|_n8 z->`DV0jvI%oD9-C&Km#Rug_uUFymv-Z?>ngKY2R+i&?ZMDVQ^|vi!>uE>F3qo5LQ` zpQ`fj+Jw0a7ih9R)O+XIW%DlHZDSqdQRX)uU3XVXr&jK3NXkCOIm_y!K(%9n>ITC( zo@c8k%;)6wce;H3#t|ohsN^l{b;7jj4}Sgm;-=V<rXz|XPa`H(O|IGAua&j&2vX(; zCC`9~w|*SpU|{GIU|<kKO`bWKsd*)kB-k5XStER0vi5OyYURPc12>AA7q^^dcbg#K zl-u`X!ojsQM}(HOZ7b1T`<69w^_z7*3p_8I<=)z|#pI=H)kWhkeu^PwZ`GEF`+B_p zZ8vG&%i6!k*MB*Cs-4G3)85$F`t!5d`S;3u_5PH<GGw^@QC^=bV8sFtS3@rrExxSB zQ3eZD-JAA0vwxkT9I)xEhtxT~#zVV)G4k6m{d*U%W$R+oTU81|ujF53@yl|2E&1}b z?5oS(4~u*nS0!;y)0-e>nPmM-VrlP-zIig@5z*r3B1?6YEiVPtKMm2;D(GdJ-<2BS z*EvhL<Wf7Ytz?e>hNX3_oW(8+)N-Pf4>mh5%VoDTJhb<qLG|6Nj|r^@PPvxm@vYgo zcST#gV{g~<hf$5Mj-~|u-(fdJPEssly8HhRPv304!e0^C{aS=2B&J_lEa*|5Pymm$ z$+V)r9X#)YH$**Xs|*QOTG*e_8J4YLd+c}HyN;Kd#|<XStr2~}qk5e8w9l!j2X>@M z-U@Ky*QvVNkjOr1nec{E^@ONT-qYFhKO~91TEc#XJLK7B?zi_e0^}rnT%7N+e+$U- z&n`dFtk#%Y8M=dK=Z%AMEUeRF*`~35Ot}1~vUcsn6Zh`@<Kxe(>ie8Fu{-`tT25d= zch}mAeGRYfnXI%vX!|#IOYWIVrta#0yMI69+2QJy6}XZ2Hfxt`v48!HZEK?$xP-R| zZ`aBQz1a4x^|;`^D?TqzmKo1nviQP+FAq<DJHLLb21j9SUg7q~OT-xVyf~mIy8B@E zl#kbB)ADb5E|rvXE&aXZXWWUv_<R+u#=BZoOIB)gyt$t5|9acywbqN%?i`<UVfiDo zFWe!$ne8QV0+;9PZ8JVK@ok3Zaj_d!rRU>qrrCCI>16tT);MjkD)p<}fjCzEAj6K@ z%@-$@^|);C-TYN|HtQZAiG?X=dQQLCT{dl@%!yYsLpS|R+T(K2J5=VtX^A6|+jxv6 zq_674nckT9_GC?r{IyG*>3K<hd2$uqJr5K`4Ue$eTv_(EWAWs+Tf2^Kzw$o+bCQHI zms_ZWg~e)LxveXE-}Nnemg5u=xP8Aaf2|#d%97G)Udn2rGdwtdJnOxYesQtROpkfW zmQPzu&xdD5KTBDzS*5bH+QDkomJqGPBQe~p{I|aBceo{)cT4NMY<QtWxq-z=muts0 ze6P>AwL0BXMRBLLUZcBeqyF@FFN%uA;}$;16J38~HOsW;w~ubH%8@jZ>Q<FyE;?_k z6{oy9<YR$SZogOVyU>qTd+b*G?$2BPVrj{(9q*o9(qqk^(JS@+-rtu?l6zhjTV6T- zsNBcsm)gwlyFL}XJ6gLU_=A{KYS_tbUp{Qed-<_0cJWUUn*&W2yRS{1bJ>2kPHD~T zuI-Oyw-}e6VVv+x=1`GX#f!fdikCk&Pr9;4;N<bbJ<(0~4)a*?pOSk$>sxJz&gqPV z8%D>O1n){+UweS<A9qFS(dzv=<?;e6PCwTD{rUQ)$3G@?@jq7XVR<FUFYOt$caL8F z!*7qKboD<<-qNaR9Qbt3q*|9V@!y1hENSvz`D4o&&(oh0B9wwZX&+qlUGh|6=ZU?+ z+gi#W^mMr|sjqn4CVTps8|(bDg14?(r&sHrOL988WKZ`Q!@Ik3vz2%8w|bn|ntAf= 
zb5^N!a$Xk$Puu8tPw@6Pl?yK9>*t;l^yJO#g__|m)lQpp(~i5&*Y26PhJCtsS@or4 z=Ut*x)eWv4PV@2RIU}-n=1HaWD;u8Pdg`z2rR6<yo3f=*lFPJZYmemgeT=Qtu3GVS z-=%Lic1^u<?90whyHzzew#@j?rP*|u`?O5ygdF4EbLZm&7e?K&s`OA_b709n?N86S zmMLdD%5aBmX;R!2A$v}~@lH_EIT7oH&v!-kZC%<|c=lpMy;7f;^_8_t(_VZ&m$+g| zdbEz==UZRh&TJ9AY|YE5b=qi`qgUG0EMwo}WjeZ3b!V4Va@M^)dbz^wV1A0#&$S0$ zRaW&rv3PHLxM<s=vMj^nTV|~Af3oWskAZf{_GvxpCDo-jO!$`uS8n>AB%LaDp834^ zh48M7>q4CzoAt84zR%3PsAKa(`EkGL=?>N(AJwCF1}kfRbSO?JH@PK#LATpqC-R_$ z^O5)&WoZI^k`wq&q|bQW7_+Q$_Y1*k(yW`hw2V^&4%)L^`x76d@k4y|`>PATbn47l z|BfrIazoj*6Y~XRM2pVITj%UQuwJ41;JzJ+Opi?1S$`<q7AoH)6Q8s?jq!)kzC-&& zo(KAin2X0e$dOEa|4DPQ2Jd{wo$EIlHm^GN`NO98p9<4_lCLhvKg)7$?q^eh%X{Z} zzb>A3?X>F7Lgw_<HPW3gGnJNUvKKEtV&a!n%y#yy>%T=jWj1|%&ywm5+vomEy3cLI zu|9v6lm3O6L+?+heEZ?8w$Ywhm${a!y@BW0j-uV?%h)BC%og2$X~MyYJnz0}OYVvC z+gH}T{8BORJey9boA!l5`!esCN4%VQNV<`8&(Aw1ef)lp|2cNny=J***;sBm-RtlD z=pPzfMiwvi&pv2wK6~%;3cKd^Klga-^rp*CTf8cG`n-wK{_~Um_&<K5;CagDVX?zw zmSyMWPIKw*eWdp6zSDIc{shz8Pfgradp9<jt$EZV&nt8H%&V=!+CN{ceOmp^YM%mg zP4XJ2rjEij2j@m~S8w1u9&nr~reFAt{G)U28|S5%82aZg@HBs<nRCd$P<h_cBi=h) zrzEb9I5?kuYlc|w4K=eQb<<mVX36a@j;vkhEweOuN(WnwsDHq7w!kKJORWWR{*Rg5 zb(E(371`IO^vbAp{bT8psmVHX??1`nJa6BX|L}G|$HkAbHR5vf_Hy1o{5?=>+Q%?^ zg>$EkYkw%#J^8eW+y0r%2jPGFc~iv$7cbcMMM-PZ-1xHT1^Ql=Cw|^ux!|zu9alwh z!GMB4i~hJqRd+7u{<g{TwKD61O-)y-KWyIlVaL6%wN-o9Ckgf2HGR6Ar*pR5gZ2Hd zV)LB3#`sO^7fy&Td|ICOn|*ujwcP(b`-@`t?QHw`>c2Ge%lALj|MC9+kJcpb&|V}F z$IHMFD#yT}joRkH-6V%JgtkU-Rs>(4`mcYx`e}XxqX`mDN*#=m+YDKp4zLL&ze!M< zb}K<hLGk=0W3g$f%C?dmk(sxa{l3>$;`x1xulc1ToUis>tX*b&_x4GZ%}ZXFEW2Fm z`}_Xyc`4E<57);_Kl=Ty=$-BJKj}N4zw$o+%#JT%@}3L*MpL9$7zB1|IldLlK9l7e zaq{rm-E4g~0^I|)8qVvnp3VAn;jw>NKLT<O<S$}dmN4__7OR`dh1NH3&D^GY{GHV1 z$$l#H3g0Z5dvC5^@6qJ4sDzX^K5Fy4iriJE+TF3rnctxnbgkgEhgO=p(OUD0$9B`# z>}A_*c-&!a=S~ieb#o5Nad~kHDNBChFco`xY4x?wPFuA@pUs@n&)VeW>*!{Dr+j5+ zm5z!^=as~RPJ3UUaL}5Z`Si#`i;LYKyp!bhglAa4O+J`9a{=4&{?mo6jSD(eBeYh` zKXf5XWM-JJ#}&TY=jI77-j;Ckr<AW+h|1eKlZ2U#Pu0Q{RCbhDb#erskvkzLC$fga 
zRc+1P=Sw`V$XVY1_qO-1UCT;mt(7yk<}6dIbGneTh*g`_PW|aS(JgJu#5e8z=#+Lf zqV+1<I-`wj*{t2(Sss3SW3PYz^7iE`(U`(Old#0Oo!J}a{krA8Ijkwq&_2Xv_uo@; zxoWpI20l=K5S@FxOZ(GKMgJ#jg#EX?+u(ManP=u%wRJ~JZLW5?y$w8WdY0v8f|+FL zi{7=-kLIpSQL}cEUvW^ZMCwM?BJR6Qk->aRr?LmX)YG<7iICcL!n60U*R5Q&sttFi zhV4%C_c729VR<0svf=OnKjGaQW-p4nvXisuU%<gzO8)|tHk7T{*LNpQxc0{36{phP zm`u!>p(gh|O|8gf_oX%WkJv4ZG;Iy&w%sUor{ymj-wcb6*{lb<WtCTa{FZ0AFySS4 ztj~j)uU4EZDc5*!pYkXyf~UJ@ZqLf4Yo{e=a!<RrdXc8qiqDHQuLw$a?!N0LdT?8( zqroJt(jLFZn{1T)zQ5UOyfVisi``u}eTA?4Qv)G3Hy;(z4&I|qM}q!Dsqf%=meIW1 z{p~YPyB<HgJBb!g`Tb{~c(6w|FQaYwNq@cFC%2sGNNzf?F3>tx^ZUF*4|a44@95nw zASt2|!{@7N>7%IDeS2nv`jnWN{(%dRndw*GUAgIcY}2+!ny+hSbfvGaE;x0d*!NEN zbIxh!ed-;L-m{x}$jfjZ(~S8w*FqoL?YVHE+h>o2e&VZniXvx%=kAS_t=`3A+<x9a z?)4PQZ9hM9?YVSdwa*@@^)rKHo&?vGs##C?`0KN?t!u)khow!MER=uN%`yAX&}pvm zJ|@P<PlB<eao!B0tFwLfNb*m*dNJqJMr)aN$9?<0Tn*)TqI7A`R7=07OP81?Y0tcu z_ej=jLCw8@&vtvdg>ESC;Sf2w+jo!q#1(gLELE$mm{DmhxY>>WXtLd&`OPP;_1$f+ z+NSl1f7TCya|RtA_hkLkWmJo66kcDDIo<v2ic(Tt#MAE<y(Jp@FOt=cO%+M|cVlkU zC3THo3rvOl=V$~x^Qlo;A9SRMlUbnV%#q_CIS;BTU)yljTQ$q__oH(YcE!nb-&5F8 z?Y86J-n1@_cgL51$Yh>x_%X7kPtJVhKA$6{`&LQ%rp~dmwiWBY^<4GDpN&2f=BGE5 zvP@pHd&=5o=P)&kgxe<*Lc&*WTrjnV^{V5+zPq+;`%d)O6#85*EZuA@Rr6z0f}=U_ zIaxm~iLFAMTMzmw@%~uVSs!#XZ0cOU<(HbZqV}adivO_wOM68cH^20?(9d;SKk*9R z{}Q&#&26r*T}`xt<JK>+!uJn<kCb!?_7pqkH$8lV&a5>t&nHZMm#mqrzS!*aG=|sT z)Ti2>X9?(A9`fFi`M+bOx)+Cd|J#)o*@g1|x)X2s)cHS_41M!|!IPhV8ABepzq%sN zeQnB$*Cod^vQ8}j7%cq1dA=Z%_OaDJR=wQm+I9L&(`q6ARfirtSNmuG{^C02FGrYG z9Gc81p?7q>?;kaJS=+_38zW|&Z(_LI9`|=|r@e?$grs&u*4CT-_N%MjMILOsP~sG` zX3yefDW_kjSQjswGBZd|wCU!PD-%oGxSpmYpXAOF%G@2l>Oy|U!S*vfW-I~9S52n= zV4dw1s~vo~#&Ge(&t_Nu*f{idoY%Q}ChV*X)5+F&_JGw2vd7-P+-Y=w3hSxj+Ec}A zD<*9^b2ONd<--*JA9hARUVU8Ts`vP^i<rMc?5~@FYu*Jek4f|jn6^VT>7VOmqobRJ z!qgsLEpVNm(iY>H?eqGAxLus{(e7QJ@2~0oyXUs`&SOlPPUmmVl$G3Yxq3|_OFGj; zk<IS=r}nMhXdd~H=jcmGZ6)I>*X_dRLiT0t-t#25ds4`<yGnKy8-GntS|L(-aQ3UF zOQCl=^gg?)Rv34GwG1nn;V<of`U8*mn!jE-`%PDx#M*7{^;yjP=k|H~Qe~H}l%h*h 
zKFg%GbJz4&^+tB;Y!92{?{?M4z2wPfQQKI*2T#xKUV7bbP0o~UU%3xV(B0ylxn-w* zVlU5;HElJXw>Cr-yxp=h-EF%@;_9z{U;ivlyy_bNeX`kaGdJOT{x<*YV#~{pPkq>= zI;U`{RcFoiB|&_z?XyeT-|{R?nrRs-^zk&`&CC;e!DXk5f2hq$kn-<a+V=KZhuAdh zHICY^mR#E6efGqYi{Wag-{lrb<~%++cY`tS#E>it>nN%Dn$o4Ge$N(*owoG5S=^3W zCzBTHzq|2v>!tE}rd~@d9&MlQy8g@TOR9IbUOL-3`_GrR%xy9umh<`_v~gGL+_hUY zwp{MW@Bbeas-CcSWdtz^%$G@0m^bCwgDL;tf8exTRkczlms@RfXN&)jfNw7qrRR6O z)%qH7N5w8szkkc`%k5I1EZ_83r8Y|OSDWs$P7+(w`P`eybYha)Rn^;SihJBe?_~yC zrLOkB^4iSw=d6$~$z5?*|7I1;+4Jc=yXijPtM`8v#rS@B`_ex`__1{)&k}Xp4Oj2n zJ>$N}YWa-Pl*?R^2Za`?pJcdvefnI(7XMSJ#+&9V>L=XO^!0iXlcbaA8NxPk=^82V zRq}?6_pX`ld3UwkPV7T8vuY^w%4vmL+P|d!Imd0!$7ycMrhKPFY%@#$!goB+Pp9m> z7k%(s(6+BSYsD7vb*HeVi|wdZRp|}*fA;d88LL!veC68pi>KeJ{U8`46mi9*@95(l zL0_d0%b2`$Ty0(ZHFHgRzBAwKhRrWDoPPvfDSY;8^Nxi)))q$Rnj)9aEUrHP=vdJk zp6xx4#Z)tQPAkzAWM~SoKXC1_m(FpcHAlH}96A1G9APxcK6!XbCiknQkx?t0?FAz> z*Sho;iEXjeSe;_Jbw}4<uM_e+BQ>`j3-#fV3p}|r*lT8E;gKul9g}1~iui1-zw$c$ zrv0<8{#r-hUufPPJL&oSW6#__Fin59bos_xmw%^5y`RgvH~PxUt)Y)Ac82X+s}vJ& z==yi63B!gig*D3z*C`2PU+`ftdytiL-0I6isfdXF$r*=jZ>(4t;jOE~Vk+`9X62;- zjmdMh916Xzow{nW=GEHC*)POc1KugtZU4k@{g!>o$#nrT9DAnKeW^MqT#@`h_szbu zZ}&~U+kWR=^=zj1*4_M5ULI7QQ-5V{{hYg-cg;TRe(=4zXvTAn56&~TI)B}N#inol zoQsd%9JH%B7+fc-9reKK)BA)-@7Ieaf4lFcv1^0i-4_p|SZ?ol&i3xr!QPf5PA<&? 
zPu58X>b_2G{`Ru5=@qjS-*xU)f#0Iv7=LKZveUcQ!*09OeXjzS`P{=!vtG=Xzi{pM zFJ^<;O!uXZm-`)-Klku{1Apu6q95gT++wrWKD^cHdc*hm+qoiPiJ6njbe$s1Ha+hO zXx!u)`X=9L>hZmu^;}#tJFaWlZuFN=+toeKF7;J;ZT{o)C!!4P{|VaE20yTuKVJVn zpmD2(yLOU{ePHAC!~dWC{y+V&{-?itE&mwZ{~yY?|LWgbnLqDjo~?4On|@fHd$RO7 z#RYa}E&rV4&WZY<FRZX5Z}<EKatYHcPh9_gw&YQC##ZMo*Vncjf8--#`0unr;0B3Q z{TnZLNUya~)|~w`>bz^_M*D|p%>L)Eue$&A=sWKnkw@Pd2Q%e*H3>>i_cA{&@*#8e ziuD1GvxMg_-@9nlOa@Qhvz&9jNLH@+wsp?oXTQ3{WEm`HE>({%NqLe|R`+Fv)Y+5$ z=T-%--5t9zjQ!l%$7?4!`Y~0`SlVZhy=WKH4=r1tLpx{lTRdI2xo}FQp>xmX8ioEu z^*+J-k3Alkt(%wPbH8u;W4=9{<&P5k?An5VD7`y+{ez87>u;{iW(Khj^=&^^ix^7Z z|F-FsQBBag%aNs`a+l3kUND>4yea+T21Qx6cgs_+UHNtO>l@3bbLRz{nayv$dFI8$ zN`3`_ysUF4RoD6PC-%w3z2Z}!G{4&W<{75u9X!rwez>budM%#DuxmM!cZol1nBB~& z=V!$_M@G!5+!V8Xk#DQOWWTvrjB`&f`rMpzb4iCOw_x@z!PB=M|8kn6ckxTf$%glw zJO3Qs@ua8kbm!t%D~_Ah*7WB*|6X?GB=4NpQ*Af-=c&Ba-L*G#JM*sImt_Ilop;$T zy4{jD`QE?4{Cc<Tk$2@Tzva9;@5)=*U3<N^e?L*I**Jf1_0yk4@~{4LA!bf?Ot6f) z>{O(y#LU1@!pp#5hCGi0nMgy-jbWeUD#*_TO;cSB&-K4;An@;AykKZe@7+Uj5?qOw zmUvE1m~A5QyDjFqRE*5=O>>v=e7yhM;=QKk++~~x)r;!peSW<A^IYjUxkB&OI%ZDm zy8Ke+>@qoyS#CZ@mS0|d`ux9-Uv%cM1TEEGaBOqNLjUF4kDU<i5#Ges*rD=8EMQgA zpTD<R>zdQ9oj$Vqzs%E=#gWdZKg&FI?<=sFefHz}?$7eqoSkaawkS3^O<#AjvuyQq zP1R#3Ys#wgc{W}Q%={wDck_Mb3p4IXCQSb}_qe<WW4^Q5*K3XnR|}_ftK*tWK6RZ= zujTI^w0)|%le-`{x6nm$o641lWZuu->5T8zY;DofeVDlLS#HDY_d)FIT79atIvmwb zOLjE2y!#fyX!xMHxA~*xWj2--xq^)foGllf8hvUf&5Vw3jxy$AEYqHRSL^gs4wFzH zu}*ILowc^x*I$2kyESBu&&LfX7Op$hs#{vB<D#L&X1p=PMS5!BWX%gZLOP$nkmV~l zxUM{&*?;NOE1lWNIk|5O^}94U-b>ARH+Qq+O|KLi9~qvftZ$OTBOAOO=BH#gb9}pf zHNT?rY3y#6uWQ!Y*$CV)e6frx^kb$(3I8^w?50;g&fjO>k)BcbbnA+@?k||F_zLb@ zuv|8o*wgG}bylSH!-Ivde{WpIpSU=WC(v+4`rVKXf#zHm0)O|+kuooMa-AXmlTO;* z8E5)qm~V8h(oa$sFTLq0Ffn(@-#;eLemhpax#`sQeMhFUN$7_X;X)DLwFfSoirLJu zh++Euy-l~pzWu)<7JGy(*!!E5>F=P8TXU1wd+&aG>zAme8fUrd+tWD*C2J+0u6A8z z`Y1E!ea)Wsn)dI~e@=T|6VlL<dc^irN^|e_Z=yFf-U^@0<Gc80S%L8<lbe%nY%KZp zKq+~TceIh?kLyXx`fMDd9K5w=uanErUt9Y)%wpB_cuO8Fd*y=?Y)?*}v!55@zW({4 
zgNM)U{Af{e>TAt~5S_?5D-SMS&@MUq;NgY0m3w{fJnYEjsAw0l{xYxQf1T&aTwk4^ zf8(DmPWqXe^4;rr+`>J{MlnKhHs9|2|1Z^kYtifKz`Km!eKhKvTkFvVM|Q7!kOZ1F z1z}tAa$P}DenDzcNoHy>?+Hh)1_c4u3wz50m9kzkS{+N+FEPRJ*!tN0_deadcdU3$ z<P3|rR@TB-s;%{6?E-?r$0D{0v+)bx+Zq|SeajNt8bpx*nynJ{2sxL`z`(GPfq_97 z*>RqJF0K)JKAyoLpS^TGo$>Zudx6(mSL@uF^P7VVt{6Xf<OQC%z3K~^xxIMyBxLIL z(rGW9N1sZ03$J|rQrv9(rC7Le)rB3uI#sJwmp+|Yq4H(pt;T@3IZ+|gX3mK^Gc|(A z<yXMv9Si~9j7%cTkO^mytI!vXz?Kp$X#}ybEg^xJfO|~?NFM`(0K;3y#f(UcP>{8O zX6_-%AS7sw1B3<Ab_!V=eBK*bKgi(_^$-%Y<^jS2>HozDT>$~|DRy^))<7UMNHc*o zz*j5a)(2V>fzap7gycU+!H&<Bk`SE?kiaRx)QqSV@EHSIGXXIP<k{u;jKN;HKn#Z@ z0Z>e!uc3e#&cLvw@e8uy1Xfg_n~J`Y0b%M9W~5+)$1kbt8j$S+r3du23JCjxSdgQa z*p&<D=A%zGBh3HEhGKpWV(J;)4D`WUgc(oyQOqDTl#6UIw&n)H;2v3|z=otzL^8vk zKA?>cWII3sj9$1R>|jzP%ML_Qi*6NqQHii>KC)Gaf-}IIl?|jwfI)!a8Vdu1u@Z;} E0G?_lI{*Lx literal 0 HcmV?d00001 diff --git a/dbrepo-auth-service/listeners/src/test/resources/dbrepo-realm.json b/dbrepo-auth-service/listeners/src/test/resources/dbrepo-realm.json new file mode 100644 index 0000000000..56f2003e96 --- /dev/null +++ b/dbrepo-auth-service/listeners/src/test/resources/dbrepo-realm.json 
@@ -0,0 +1,2798 @@ +{ + "id" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "realm" : "dbrepo", + "notBefore" : 0, + "defaultSignatureAlgorithm" : "RS256", + "revokeRefreshToken" : false, + "refreshTokenMaxReuse" : 1, + "accessTokenLifespan" : 900, + "accessTokenLifespanForImplicitFlow" : 900, + "ssoSessionIdleTimeout" : 864000, + "ssoSessionMaxLifespan" : 2592000, + "ssoSessionIdleTimeoutRememberMe" : 0, + "ssoSessionMaxLifespanRememberMe" : 0, + "offlineSessionIdleTimeout" : 2592000, + "offlineSessionMaxLifespanEnabled" : false, + "offlineSessionMaxLifespan" : 5184000, + "clientSessionIdleTimeout" : 0, + "clientSessionMaxLifespan" : 0, + "clientOfflineSessionIdleTimeout" : 0, + "clientOfflineSessionMaxLifespan" : 0, + "accessCodeLifespan" : 60, + "accessCodeLifespanUserAction" : 300, + "accessCodeLifespanLogin" : 1800, + "actionTokenGeneratedByAdminLifespan" : 43200, + "actionTokenGeneratedByUserLifespan" : 1800, + "oauth2DeviceCodeLifespan" : 600, + "oauth2DevicePollingInterval" : 5, + "enabled" : true, + "sslRequired" : "none", + "registrationAllowed" : false, + "registrationEmailAsUsername" : false, + "rememberMe" : false, + "verifyEmail" : true, + "loginWithEmailAllowed" : false, + "duplicateEmailsAllowed" : false, + "resetPasswordAllowed" : false, + "editUsernameAllowed" : false, + "bruteForceProtected" : false, + "permanentLockout" : false, + "maxTemporaryLockouts" : 0, + "maxFailureWaitSeconds" : 900, + "minimumQuickLoginWaitSeconds" : 60, + "waitIncrementSeconds" : 60, + "quickLoginCheckMilliSeconds" : 1000, + "maxDeltaTimeSeconds" : 43200, + "failureFactor" : 30, + "roles" : { + "realm" : [ { + "id" : "48f38342-1e3f-427a-995d-c436eaee65cb", + "name" : "default-user-handling", + "description" : "${default-user-handling}", + "composite" : true, + "composites" : { + "realm" : [ "modify-user-theme", "modify-user-information" ] + }, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : 
"9bb4a8dc-28e0-4645-b62f-cc94425f0cb0", + "name" : "default-maintenance-handling", + "description" : "${default-maintenance-handling}", + "composite" : true, + "composites" : { + "realm" : [ "create-maintenance-message", "find-maintenance-message", "update-maintenance-message", "delete-maintenance-message", "list-maintenance-messages" ] + }, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "7ee1c424-11b0-46a9-b0ed-725e9b7fc40c", + "name" : "default-system-roles", + "description" : "${default-system-roles}", + "composite" : true, + "composites" : { + "realm" : [ "delete-database-view", "update-semantic-unit", "export-query-data", "default-data-steward-roles", "execute-query", "default-user-handling", "delete-table-data", "find-query", "list-database-views", "persist-query", "update-search-index", "delete-database-access", "view-table-history", "create-ontology", "update-ontology", "modify-user-theme", "default-system-roles", "create-semantic-concept", "default-container-handling", "create-container", "create-table", "default-broker-handling", "default-maintenance-handling", "execute-semantic-query", "uma_authorization", "table-semantic-analyse", "list-containers", "check-database-access", "escalated-query-handling", "delete-identifier", "modify-database-owner", "list-tables", "export-table-data", "create-database-access", "delete-container", "re-execute-query", "create-semantic-unit", "escalated-identifier-handling", "system", "update-table-statistic", "escalated-semantics-handling", "default-database-handling", "delete-ontology", "find-database", "find-database-view", "update-semantic-concept", "find-user", "import-database-data", "publish-identifier", "default-roles-dbrepo", "find-foreign-user", "create-database", "create-maintenance-message", "find-maintenance-message", "escalated-container-handling", "default-researcher-roles", "default-identifier-handling", "escalated-user-handling", 
"modify-user-information", "create-database-view", "update-maintenance-message", "delete-foreign-table", "offline_access", "modify-foreign-table-column-semantics", "delete-maintenance-message", "find-container", "insert-table-data", "modify-identifier-metadata", "modify-database-image", "escalated-broker-handling", "modify-table-column-semantics", "escalated-database-handling", "default-semantics-handling", "update-database-access", "default-query-handling", "find-table", "list-queries", "default-developer-roles", "create-identifier", "escalated-table-handling", "find-identifier", "view-table-data", "list-licenses", "default-table-handling", "list-identifiers", "create-foreign-identifier", "list-databases", "list-ontologies", "modify-database-visibility", "list-maintenance-messages", "delete-table" ] + }, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "143ba359-5fa2-451e-8296-43ecf20bb251", + "name" : "update-semantic-concept", + "description" : "${update-semantic-concept}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "5136d7a3-e3f0-4585-bacd-15cb8a56095c", + "name" : "escalated-container-handling", + "description" : "${escalated-container-handling}", + "composite" : true, + "composites" : { + "realm" : [ "create-container", "delete-container" ] + }, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "b0bc8649-7d84-4dd3-84f0-7f174425babe", + "name" : "list-tables", + "description" : "${list-tables}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "bfd85d9c-2772-4660-a8f0-cdc0cd8252b3", + "name" : "default-database-handling", + "description" : "${default-database-handling}", + "composite" : true, + "composites" : { + "realm" : [ 
"modify-database-image", "modify-database-owner", "update-database-access", "create-database", "list-databases", "create-database-access", "find-database", "modify-database-visibility", "import-database-data", "delete-database-access", "check-database-access" ] + }, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "74648f9a-777e-4ef9-b97b-4c5d749d862f", + "name" : "update-search-index", + "description" : "${update-search-index}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "22492b64-c633-48a0-9678-b28669f2885b", + "name" : "execute-semantic-query", + "description" : "${execute-semantic-query}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "4ed919fa-edc5-44e5-9411-607786e4a86d", + "name" : "view-table-history", + "description" : "${view-table-history}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "d89a2881-b642-4abb-b990-196e71372f6b", + "name" : "default-table-handling", + "description" : "${default-table-handling}", + "composite" : true, + "composites" : { + "realm" : [ "modify-table-column-semantics", "list-tables", "update-table-statistic", "find-table", "create-table", "delete-table" ] + }, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "b0d66d3d-59b4-4aae-aa66-e3d5a49f28e3", + "name" : "view-database-view-data", + "description" : "${view-database-view-data}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "f5ea431a-9b2c-4195-bcb4-9511f38e4b44", + "name" : "create-database-view", + "description" : "${create-database-view}", + "composite" : 
false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "a5ffc20e-8b11-498c-9f3b-b5740aec24c7", + "name" : "default-semantics-handling", + "description" : "${default-semantics-handling}", + "composite" : true, + "composites" : { + "realm" : [ "create-semantic-unit", "create-semantic-concept", "execute-semantic-query", "table-semantic-analyse" ] + }, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "fe4a01f3-6590-4df6-9ade-5a9c1fae4736", + "name" : "create-semantic-unit", + "description" : "${create-semantic-unit}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "0e12eedf-545d-4d32-ac4d-2821dcb118b8", + "name" : "update-table-statistic", + "description" : "${update-table-statistic}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "e63e61a2-d852-4ad3-bfb5-92d9ceafef6a", + "name" : "escalated-user-handling", + "description" : "${escalated-user-handling}", + "composite" : true, + "composites" : { + "realm" : [ "find-user" ] + }, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "be4e1aba-e276-4241-b6ea-01dce6c52f8b", + "name" : "find-container", + "description" : "${find-container}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "3a801b48-f3c2-4bc6-aa25-c7a91d5b32a7", + "name" : "default-researcher-roles", + "description" : "${default-researcher-roles}", + "composite" : true, + "composites" : { + "realm" : [ "default-table-handling", "default-semantics-handling", "default-container-handling", "default-query-handling", "default-user-handling", "default-database-handling", 
"default-broker-handling", "default-identifier-handling" ] + }, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "3d8104fb-8307-40f0-b4b2-c3e518957110", + "name" : "view-table-data", + "description" : "${view-table-data}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "fe71b907-7020-44ab-9964-da2b87264582", + "name" : "create-database", + "description" : "${create-database}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "e51b63c2-48dd-4bd6-95fb-d257d21b26ba", + "name" : "import-database-data", + "description" : "${import-database-data}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "1f0a9b13-c2b8-474c-bc08-59dbd71835a6", + "name" : "modify-database-image", + "description" : "${modify-database-image}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "a7ad038c-5c06-42fc-951c-15ac09d4df66", + "name" : "modify-database-owner", + "description" : "${modify-database-owner}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "c12c1f4e-186f-4153-a795-26e79fb623d6", + "name" : "create-ontology", + "description" : "${create-ontology}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "b60a5694-4099-4f7d-a7e9-4c433e0eb9c9", + "name" : "update-semantic-unit", + "description" : "${update-semantic-unit}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : 
"e9854bbb-4580-4757-b1ae-305934173249", + "name" : "create-database-access", + "description" : "${create-database-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "50c604c1-7c6e-43f3-9c43-2398f5eff66e", + "name" : "list-databases", + "description" : "${list-databases}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "535f1484-4514-4d24-8d97-e3f6c11a426b", + "name" : "create-container", + "description" : "${create-container}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "f4116230-8642-4bb7-bbc8-db9c5c07b558", + "name" : "create-maintenance-message", + "description" : "${create-maintenance-message}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "973f0999-cc70-4b28-9f43-979c470bea8e", + "name" : "default-data-steward-roles", + "description" : "${default-data-steward-roles}", + "composite" : true, + "composites" : { + "realm" : [ "escalated-identifier-handling", "default-semantics-handling", "escalated-semantics-handling", "default-user-handling" ] + }, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "e1383fb7-d54c-4732-9146-93030eb2ca50", + "name" : "escalated-query-handling", + "description" : "${escalated-query-handling}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "993b5c69-9eb2-42af-ac28-b4a46c6b61f2", + "name" : "find-user", + "description" : "${find-user}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : 
"e4cfdc4d-2373-477b-a8df-161db99aba00", + "name" : "create-foreign-identifier", + "description" : "${create-foreign-identifier}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "6a5872a5-2b51-415d-ae2d-25a6db4a35df", + "name" : "escalated-semantics-handling", + "description" : "${escalated-semantics-handling}", + "composite" : true, + "composites" : { + "realm" : [ "update-semantic-unit", "create-ontology", "update-ontology", "list-ontologies", "delete-ontology", "modify-foreign-table-column-semantics", "update-semantic-concept" ] + }, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "09147c48-273b-450b-8b11-7ef9b9245244", + "name" : "export-table-data", + "description" : "${export-table-data}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "d14af590-60a8-4d75-b864-40ee0165bd7f", + "name" : "delete-database-access", + "description" : "${delete-database-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "be051d45-cd74-4b13-8a45-f2d3351bd995", + "name" : "table-semantic-analyse", + "description" : "${table-semantic-analyse}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "272a79a7-e282-4261-8f7d-5d5d1364243a", + "name" : "update-maintenance-message", + "description" : "${update-maintenance-message}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "64c16bfb-2015-48ad-a23f-637ff24419cb", + "name" : "default-query-handling", + "description" : "${default-query-handling}", + "composite" : true, + "composites" : { + "realm" : [ 
"delete-database-view", "export-query-data", "execute-query", "delete-table-data", "export-table-data", "list-queries", "find-query", "list-database-views", "persist-query", "view-table-data", "re-execute-query", "view-table-history", "create-database-view", "find-database-view", "insert-table-data" ] + }, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "c047d521-cec3-4444-86c4-aef098489b7b", + "name" : "delete-maintenance-message", + "description" : "${delete-maintenance-message}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "88f82262-be80-4d18-9fb4-5529da031f33", + "name" : "system", + "description" : "${system}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "e14ab76b-1c24-484d-ae2d-478b8457edea", + "name" : "list-licenses", + "description" : "${list-licenses}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "d4f29937-3ca0-41e9-9786-2b7b921b6cdd", + "name" : "modify-foreign-table-column-semantics", + "description" : "${modify-foreign-table-column-semantics}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "8eda9f5c-938c-4915-bed5-6a81a1de15a8", + "name" : "list-database-views", + "description" : "${list-database-views}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "b372f8f7-d203-4293-b991-ad93fb505917", + "name" : "escalated-database-handling", + "description" : "${escalated-database-handling}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } 
+ }, { + "id" : "abd2d9ee-ebc4-4d0a-839e-6b588a6d442a", + "name" : "default-roles-dbrepo", + "description" : "${role_default-roles}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "3293799a-82b9-4f47-8f25-1aad2e0222fd", + "name" : "find-identifier", + "description" : "${find-identifier}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "aaa3f804-38a0-4474-b8e9-f1020c4b3f62", + "name" : "list-queries", + "description" : "${list-queries}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "76e38f7b-99bf-4d12-8d74-1c7d8812f443", + "name" : "update-ontology", + "description" : "${update-ontology}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "11f7973e-d1eb-42cb-a35d-c59dfc122775", + "name" : "modify-user-theme", + "description" : "${modify-user-theme}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "f392bfcb-0be5-4fad-9ce4-8ac6396f176d", + "name" : "export-query-data", + "description" : "${export-query-data}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "da493b7e-fb9b-43ca-82a5-e274ad2e6b39", + "name" : "find-query", + "description" : "${find-query}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "a4d4a788-ebcf-4d32-baed-4a85616ca037", + "name" : "escalated-identifier-handling", + "description" : "${escalated-identifier-handling}", + "composite" : true, + "composites" : { + "realm" : [ 
"create-foreign-identifier", "modify-identifier-metadata" ] + }, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "ea38d69d-17b8-4c65-95e8-1c3501b83618", + "name" : "default-container-handling", + "description" : "${default-container-handling}", + "composite" : true, + "composites" : { + "realm" : [ "find-container", "list-containers" ] + }, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "8b8813e0-af07-4d04-a8c1-e3f37192bace", + "name" : "publish-identifier", + "description" : "${publish-identifier}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "47f5eee7-9821-4bf8-b434-0da1f81c3e5a", + "name" : "default-broker-handling", + "description" : "${default-broker-handling}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "71874bde-64a5-4a69-8685-d8998303a80c", + "name" : "delete-table-data", + "description" : "${delete-table-data}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "7c0306fc-3b03-4c64-87d1-9a34f2073977", + "name" : "modify-table-column-semantics", + "description" : "${modify-table-column-semantics}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "cd0ee04c-4a5e-4035-a11b-f6a1165f7829", + "name" : "delete-container", + "description" : "${delete-container}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "67ee39c0-d601-4a67-a0fe-c4f0021d557e", + "name" : "list-containers", + "description" : "${list-containers}", + "composite" : false, + "clientRole" : 
false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "795c7bb8-3502-414a-a97b-2ba1cfd6a79c", + "name" : "persist-query", + "description" : "${persist-query}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "d05e7698-ddf5-4f20-9027-771afb2cc3c7", + "name" : "list-identifiers", + "description" : "${list-identifiers}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "e4bfaf36-9a5d-43e0-9fa3-0f4ea7bad8d0", + "name" : "default-developer-roles", + "description" : "${default-developer-roles}", + "composite" : true, + "composites" : { + "realm" : [ "escalated-query-handling", "escalated-broker-handling", "default-table-handling", "escalated-database-handling", "default-container-handling", "default-query-handling", "default-user-handling", "default-database-handling", "default-maintenance-handling", "escalated-container-handling", "escalated-table-handling", "default-identifier-handling" ] + }, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "e2cb054e-ea41-4ab0-881b-e6f576f7424e", + "name" : "create-semantic-concept", + "description" : "${create-semantic-concept}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "feb612cc-96a6-4ed2-aaa5-01f39b25beb5", + "name" : "insert-table-data", + "description" : "${insert-table-data}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "a0942e33-441b-4343-9f02-4353d03f7bbb", + "name" : "find-database", + "description" : "${find-database}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + 
"attributes" : { } + }, { + "id" : "6a0bb740-4448-49be-aee8-6dd183325be5", + "name" : "delete-foreign-table", + "description" : "${delete-foreign-table}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "7f3652c7-3073-4566-ab63-25385495ebc3", + "name" : "modify-database-visibility", + "description" : "${modify-database-visibility}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "4a5df51d-f14d-41a2-ad70-6521df5a5b4f", + "name" : "offline_access", + "description" : "${role_offline-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "fd41c4c3-d2f8-4f49-84c7-dba84e9a5575", + "name" : "execute-query", + "description" : "${execute-query}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "2963c2bb-b129-4224-b98f-c8eeab8e72d1", + "name" : "create-table", + "description" : "${create-table}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "0c487c93-448f-4a82-8b9f-ebd8a0904bf8", + "name" : "find-foreign-user", + "description" : "${find-foreign-user}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "cf9735a9-fb70-4cc5-b5f4-75afc4e5654b", + "name" : "modify-identifier-metadata", + "description" : "${modify-identifier-metadata}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "64c2b8f2-1527-4928-81ea-b2651512d028", + "name" : "delete-ontology", + "description" : "${delete-ontology}", + "composite" : false, + "clientRole" : 
false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "d6e38368-b40f-423b-82e4-e8aa595237c9", + "name" : "find-maintenance-message", + "description" : "${find-maintenance-message}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "fd1cc463-3e67-49d9-81b8-2cd90c1daa9c", + "name" : "check-database-access", + "description" : "${check-database-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "74013867-e426-46cc-ab98-2f4a9225ad1e", + "name" : "find-table", + "description" : "${find-table}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "a2cc60df-d280-46c5-a539-92e2aa249b4a", + "name" : "modify-user-information", + "description" : "${modify-user-information}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "c367241f-b5b5-491f-84d5-07fe1bef3877", + "name" : "default-identifier-handling", + "description" : "${default-identifier-handling}", + "composite" : true, + "composites" : { + "realm" : [ "delete-identifier", "list-identifiers", "create-identifier", "find-identifier", "publish-identifier" ] + }, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "ba1ad8f2-39aa-487d-987f-645e8a459559", + "name" : "delete-table", + "description" : "${delete-table}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "09f7bdb0-296f-46c8-a3a3-8f9254fb17e4", + "name" : "list-maintenance-messages", + "description" : "${list-maintenance-messages}", + "composite" : false, + "clientRole" : false, + 
"containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "fe3bc45c-61c2-4ece-bcaf-d410dc7de501", + "name" : "update-database-access", + "description" : "${update-database-access}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "f43e86ed-76de-4ca8-9b5e-c292c9359bfe", + "name" : "escalated-broker-handling", + "description" : "${escalated-broker-handling}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "916b1e65-f60c-42cd-96e4-5c98ffc1ba3c", + "name" : "uma_authorization", + "description" : "${role_uma_authorization}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "d1afa3ed-bf4f-469a-a061-ad7325fb8d9e", + "name" : "delete-database-view", + "description" : "${delete-database-view}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "6f044bad-6651-4408-bffa-20c2d8f92eee", + "name" : "create-identifier", + "description" : "${create-identifier}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "be91195a-e30a-4d15-a8da-0aca0a68782f", + "name" : "escalated-table-handling", + "description" : "${escalated-table-handling}", + "composite" : true, + "composites" : { + "realm" : [ "delete-foreign-table" ] + }, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "98bee7d6-d78c-4e7f-b6a3-3705968b248c", + "name" : "list-ontologies", + "description" : "${list-ontologies}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : 
"15720c6b-027d-4d53-a0ff-0124bfab7c4c", + "name" : "re-execute-query", + "description" : "${re-execute-query}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "a9b5181a-8135-41d3-9862-ef80af42211d", + "name" : "delete-identifier", + "description" : "${delete-identifier}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + }, { + "id" : "469c2e63-cda6-48d4-ab8f-eb59a2c69798", + "name" : "find-database-view", + "description" : "${find-database-view}", + "composite" : false, + "clientRole" : false, + "containerId" : "82c39861-d877-4667-a0f3-4daa2ee230e0", + "attributes" : { } + } ], + "client" : { + "realm-management" : [ { + "id" : "4628f654-f8f3-483b-8f92-2a7fc5930b14", + "name" : "query-realms", + "description" : "${role_query-realms}", + "composite" : false, + "clientRole" : true, + "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "attributes" : { } + }, { + "id" : "95c2cc47-12f5-4d73-8b74-67e270c45ade", + "name" : "manage-authorization", + "description" : "${role_manage-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "attributes" : { } + }, { + "id" : "824791f3-c345-42f8-b103-b7e6d7e40114", + "name" : "manage-identity-providers", + "description" : "${role_manage-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "attributes" : { } + }, { + "id" : "1f840202-b7e2-4195-bac9-64e64dad2037", + "name" : "view-identity-providers", + "description" : "${role_view-identity-providers}", + "composite" : false, + "clientRole" : true, + "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "attributes" : { } + }, { + "id" : "3c32c096-bb13-44c9-a080-d756a48a9ea3", + "name" : "query-clients", + "description" : "${role_query-clients}", + "composite" 
: false, + "clientRole" : true, + "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "attributes" : { } + }, { + "id" : "e4b85a68-7f31-4fcf-89a2-f10d7df358e9", + "name" : "view-authorization", + "description" : "${role_view-authorization}", + "composite" : false, + "clientRole" : true, + "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "attributes" : { } + }, { + "id" : "7d317752-ae56-46f2-a2ce-67c64d1b35f6", + "name" : "view-users", + "description" : "${role_view-users}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-users", "query-groups" ] + } + }, + "clientRole" : true, + "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "attributes" : { } + }, { + "id" : "28824208-976e-4622-b4d7-3d18efbb46fa", + "name" : "realm-admin", + "description" : "${role_realm-admin}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-realms", "view-identity-providers", "manage-identity-providers", "manage-authorization", "query-clients", "view-authorization", "view-users", "manage-users", "view-realm", "query-users", "view-clients", "query-groups", "create-client", "manage-clients", "manage-events", "impersonation", "view-events", "manage-realm" ] + } + }, + "clientRole" : true, + "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "attributes" : { } + }, { + "id" : "57e846a2-930d-4621-819d-c35086507146", + "name" : "manage-users", + "description" : "${role_manage-users}", + "composite" : false, + "clientRole" : true, + "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "attributes" : { } + }, { + "id" : "7fad9cde-bf96-475a-9174-14a87da51f95", + "name" : "view-realm", + "description" : "${role_view-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "attributes" : { } + }, { + "id" : "bbcac294-d78a-4ea1-a4bf-0384266d2fe1", + "name" : "query-users", + "description" : "${role_query-users}", + "composite" : 
false, + "clientRole" : true, + "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "attributes" : { } + }, { + "id" : "480e1437-ab9e-47de-b47a-edc6b6e285de", + "name" : "view-clients", + "description" : "${role_view-clients}", + "composite" : true, + "composites" : { + "client" : { + "realm-management" : [ "query-clients" ] + } + }, + "clientRole" : true, + "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "attributes" : { } + }, { + "id" : "b9a9a8f5-f91e-4e73-9e88-1cdf42bd49f9", + "name" : "create-client", + "description" : "${role_create-client}", + "composite" : false, + "clientRole" : true, + "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "attributes" : { } + }, { + "id" : "4d1397fb-247c-436f-b26f-124cd89afb08", + "name" : "query-groups", + "description" : "${role_query-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "attributes" : { } + }, { + "id" : "e31f522b-b283-4ae1-b875-52afcd98b1d2", + "name" : "impersonation", + "description" : "${role_impersonation}", + "composite" : false, + "clientRole" : true, + "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "attributes" : { } + }, { + "id" : "51822d02-fa28-4a49-89da-bc534719d8a8", + "name" : "manage-clients", + "description" : "${role_manage-clients}", + "composite" : false, + "clientRole" : true, + "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "attributes" : { } + }, { + "id" : "b2743ce5-0ce8-4157-ae00-f693560f0b39", + "name" : "manage-events", + "description" : "${role_manage-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "attributes" : { } + }, { + "id" : "7ea3d7e0-9bf4-438a-b773-243daf622aaa", + "name" : "view-events", + "description" : "${role_view-events}", + "composite" : false, + "clientRole" : true, + "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "attributes" : { } + }, { + "id" : 
"fb73f6f5-0ed5-41d0-852c-0eb3b195b15a", + "name" : "manage-realm", + "description" : "${role_manage-realm}", + "composite" : false, + "clientRole" : true, + "containerId" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "attributes" : { } + } ], + "security-admin-console" : [ ], + "dbrepo-client" : [ ], + "admin-cli" : [ ], + "rabbitmq-client" : [ ], + "account-console" : [ ], + "broker" : [ { + "id" : "de0cfd5e-c2fe-4082-ac39-e3b092139a0f", + "name" : "read-token", + "description" : "${role_read-token}", + "composite" : false, + "clientRole" : true, + "containerId" : "88694c91-753d-4c44-9740-ec9ac06bba45", + "attributes" : { } + } ], + "account" : [ { + "id" : "acd78c04-eefc-4344-a5b4-3fc83d848936", + "name" : "delete-account", + "description" : "${role_delete-account}", + "composite" : false, + "clientRole" : true, + "containerId" : "e767a4a6-79e9-4e08-82b7-1076e1a09142", + "attributes" : { } + }, { + "id" : "939be844-8c49-45b3-9ca1-4b10a454b346", + "name" : "view-profile", + "description" : "${role_view-profile}", + "composite" : false, + "clientRole" : true, + "containerId" : "e767a4a6-79e9-4e08-82b7-1076e1a09142", + "attributes" : { } + }, { + "id" : "e52fdf00-3e73-4c17-bc1c-643493710a6b", + "name" : "view-applications", + "description" : "${role_view-applications}", + "composite" : false, + "clientRole" : true, + "containerId" : "e767a4a6-79e9-4e08-82b7-1076e1a09142", + "attributes" : { } + }, { + "id" : "b02a822e-a708-420a-bddc-1a315033fd7c", + "name" : "view-consent", + "description" : "${role_view-consent}", + "composite" : false, + "clientRole" : true, + "containerId" : "e767a4a6-79e9-4e08-82b7-1076e1a09142", + "attributes" : { } + }, { + "id" : "c590e5f5-2cbf-4151-b1dc-96c454f1f654", + "name" : "view-groups", + "description" : "${role_view-groups}", + "composite" : false, + "clientRole" : true, + "containerId" : "e767a4a6-79e9-4e08-82b7-1076e1a09142", + "attributes" : { } + }, { + "id" : "15974151-6c13-426b-8cc3-7683dd1311e1", + "name" : 
"manage-account-links", + "description" : "${role_manage-account-links}", + "composite" : false, + "clientRole" : true, + "containerId" : "e767a4a6-79e9-4e08-82b7-1076e1a09142", + "attributes" : { } + }, { + "id" : "c12d8d94-c2df-498e-bbe4-2f934a83ae92", + "name" : "manage-consent", + "description" : "${role_manage-consent}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "view-consent" ] + } + }, + "clientRole" : true, + "containerId" : "e767a4a6-79e9-4e08-82b7-1076e1a09142", + "attributes" : { } + }, { + "id" : "55f85811-bded-4d6b-8f7b-45844b963875", + "name" : "manage-account", + "description" : "${role_manage-account}", + "composite" : true, + "composites" : { + "client" : { + "account" : [ "manage-account-links" ] + } + }, + "clientRole" : true, + "containerId" : "e767a4a6-79e9-4e08-82b7-1076e1a09142", + "attributes" : { } + } ] + } + }, + "groups" : [ { + "id" : "f2ce17fe-7b15-47a4-bbf8-86f415298fa9", + "name" : "data-stewards", + "path" : "/data-stewards", + "subGroups" : [ ], + "attributes" : { }, + "realmRoles" : [ "default-data-steward-roles" ], + "clientRoles" : { } + }, { + "id" : "124d9888-0b6e-46aa-8225-077dcedaf16e", + "name" : "developers", + "path" : "/developers", + "subGroups" : [ ], + "attributes" : { }, + "realmRoles" : [ "default-developer-roles" ], + "clientRoles" : { } + }, { + "id" : "f467c38e-9041-4faa-ae0b-39cec65ff4db", + "name" : "researchers", + "path" : "/researchers", + "subGroups" : [ ], + "attributes" : { }, + "realmRoles" : [ "default-researcher-roles" ], + "clientRoles" : { } + }, { + "id" : "2b9f94b4-d434-4a98-8eab-25678cfee983", + "name" : "system", + "path" : "/system", + "subGroups" : [ ], + "attributes" : { }, + "realmRoles" : [ "default-system-roles" ], + "clientRoles" : { } + } ], + "defaultRole" : { + "id" : "abd2d9ee-ebc4-4d0a-839e-6b588a6d442a", + "name" : "default-roles-dbrepo", + "description" : "${role_default-roles}", + "composite" : false, + "clientRole" : false, + "containerId" : 
"82c39861-d877-4667-a0f3-4daa2ee230e0" + }, + "defaultGroups" : [ "/researchers" ], + "requiredCredentials" : [ "password" ], + "otpPolicyType" : "totp", + "otpPolicyAlgorithm" : "HmacSHA1", + "otpPolicyInitialCounter" : 0, + "otpPolicyDigits" : 6, + "otpPolicyLookAheadWindow" : 1, + "otpPolicyPeriod" : 30, + "otpPolicyCodeReusable" : false, + "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppGoogleName", "totpAppMicrosoftAuthenticatorName" ], + "localizationTexts" : { }, + "webAuthnPolicyRpEntityName" : "keycloak", + "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyRpId" : "", + "webAuthnPolicyAttestationConveyancePreference" : "not specified", + "webAuthnPolicyAuthenticatorAttachment" : "not specified", + "webAuthnPolicyRequireResidentKey" : "not specified", + "webAuthnPolicyUserVerificationRequirement" : "not specified", + "webAuthnPolicyCreateTimeout" : 0, + "webAuthnPolicyAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyAcceptableAaguids" : [ ], + "webAuthnPolicyExtraOrigins" : [ ], + "webAuthnPolicyPasswordlessRpEntityName" : "keycloak", + "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ], + "webAuthnPolicyPasswordlessRpId" : "", + "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified", + "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified", + "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified", + "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified", + "webAuthnPolicyPasswordlessCreateTimeout" : 0, + "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false, + "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ], + "webAuthnPolicyPasswordlessExtraOrigins" : [ ], + "scopeMappings" : [ { + "clientScope" : "rabbitmq.tag:administrator", + "roles" : [ "escalated-broker-handling" ] + }, { + "clientScope" : "rabbitmq.tag:management", + "roles" : [ "default-broker-handling" ] + } ], + "clientScopeMappings" : { + "account" : [ { + 
"client" : "account-console", + "roles" : [ "manage-account", "view-groups" ] + } ] + }, + "clients" : [ { + "id" : "e767a4a6-79e9-4e08-82b7-1076e1a09142", + "clientId" : "account", + "name" : "${client_account}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/dbrepo/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/dbrepo/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "d3c4a04e-39ce-4549-a34a-11e25774cd96", + "clientId" : "account-console", + "name" : "${client_account-console}", + "rootUrl" : "${authBaseUrl}", + "baseUrl" : "/realms/dbrepo/account/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/realms/dbrepo/account/*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { 
}, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "22d90d9c-9881-474c-8dfd-a62c808a9f1c", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "81ef0f59-a5ca-4be4-a1d1-0c32edf1cfd6", + "clientId" : "admin-cli", + "name" : "${client_admin-cli}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : false, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "88694c91-753d-4c44-9740-ec9ac06bba45", + "clientId" : "broker", + "name" : "${client_broker}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + 
"protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "6b7ef364-4132-4831-b4e2-b6e9e9dc63ee", + "clientId" : "dbrepo-client", + "name" : "${dbrepo-client}", + "description" : "", + "rootUrl" : "", + "adminUrl" : "", + "baseUrl" : "", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : true, + "clientAuthenticatorType" : "client-secret", + "secret" : "MUwRc7yfXSJwX8AdRMWaQC3Nep1VjwgG", + "redirectUris" : [ "*" ], + "webOrigins" : [ "*" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : true, + "protocol" : "openid-connect", + "attributes" : { + "oidc.ciba.grant.enabled" : "false", + "client.secret.creation.time" : "1680085365", + "backchannel.logout.session.required" : "true", + "post.logout.redirect.uris" : "*", + "oauth2.device.authorization.grant.enabled" : "false", + "backchannel.logout.revoke.offline.tokens" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : true, + "nodeReRegistrationTimeout" : -1, + "protocolMappers" : [ { + "id" : "da0b27c1-ae2e-4baa-bf78-db233e15c78d", + "name" : "preferred_username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "preferred_username", + "userinfo.token.claim" : "true" + } + }, { + "id" : "7c94de93-f60f-487b-b4b7-1891c67f74cc", + 
"name" : "aud", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-hardcoded-claim-mapper", + "consentRequired" : false, + "config" : { + "claim.value" : "dbrepo", + "userinfo.token.claim" : "true", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "aud", + "access.tokenResponse.claim" : "false" + } + }, { + "id" : "0b4c644f-0cf0-4794-8395-d5d83009dabe", + "name" : "uid", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "introspection.token.claim" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "CUSTOM_ID", + "id.token.claim" : "true", + "lightweight.claim" : "false", + "access.token.claim" : "true", + "claim.name" : "uid", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "roles", "attributes" ], + "optionalClientScopes" : [ "rabbitmq.read:*/*", "web-origins", "acr", "rabbitmq.write:*/*", "address", "phone", "offline_access", "profile", "microprofile-jwt", "email", "rabbitmq.configure:*/*" ] + }, { + "id" : "25741f6b-4867-4138-8238-6345c6ba8702", + "clientId" : "rabbitmq-client", + "name" : "${rabbitmq-client}", + "description" : "", + "rootUrl" : "", + "adminUrl" : "", + "baseUrl" : "", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "secret" : "JEC2FexxrX4N65fLeDGukAl6R3Lc9y0u", + "redirectUris" : [ "*" ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : true, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : true, + "protocol" : "openid-connect", + "attributes" : { + "oidc.ciba.grant.enabled" : "false", + "client.secret.creation.time" : "1680000860", + "backchannel.logout.session.required" : "true", + "post.logout.redirect.uris" : "*", + 
"oauth2.device.authorization.grant.enabled" : "false", + "backchannel.logout.revoke.offline.tokens" : "false" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : -1, + "protocolMappers" : [ { + "id" : "01a937ed-f0e8-4137-80f3-3be3c447f7fb", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "false", + "user.attribute" : "username", + "id.token.claim" : "false", + "access.token.claim" : "true", + "claim.name" : "client_id", + "jsonType.label" : "String" + } + }, { + "id" : "f1afc22d-f595-403b-ba2e-6ab19d98205e", + "name" : "Audience", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-hardcoded-claim-mapper", + "consentRequired" : false, + "config" : { + "claim.value" : "rabbitmq", + "userinfo.token.claim" : "false", + "id.token.claim" : "false", + "access.token.claim" : "true", + "claim.name" : "aud", + "access.tokenResponse.claim" : "false" + } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "rabbitmq.tag:management" ], + "optionalClientScopes" : [ "rabbitmq.read:*/*", "rabbitmq.write:*/*", "address", "phone", "offline_access", "profile", "roles", "microprofile-jwt", "email", "rabbitmq.configure:*/*" ] + }, { + "id" : "cfffd5d0-aa19-4057-8ca0-f2c51ca0e930", + "clientId" : "realm-management", + "name" : "${client_realm-management}", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ ], + "webOrigins" : [ ], + "notBefore" : 0, + "bearerOnly" : true, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : false, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : 
"+" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + }, { + "id" : "f205c451-9524-4380-acc3-947f7ecb6b7c", + "clientId" : "security-admin-console", + "name" : "${client_security-admin-console}", + "rootUrl" : "${authAdminUrl}", + "baseUrl" : "/admin/dbrepo/console/", + "surrogateAuthRequired" : false, + "enabled" : true, + "alwaysDisplayInConsole" : false, + "clientAuthenticatorType" : "client-secret", + "redirectUris" : [ "/admin/dbrepo/console/*" ], + "webOrigins" : [ "+" ], + "notBefore" : 0, + "bearerOnly" : false, + "consentRequired" : false, + "standardFlowEnabled" : true, + "implicitFlowEnabled" : false, + "directAccessGrantsEnabled" : false, + "serviceAccountsEnabled" : false, + "publicClient" : true, + "frontchannelLogout" : false, + "protocol" : "openid-connect", + "attributes" : { + "post.logout.redirect.uris" : "+", + "pkce.code.challenge.method" : "S256" + }, + "authenticationFlowBindingOverrides" : { }, + "fullScopeAllowed" : false, + "nodeReRegistrationTimeout" : 0, + "protocolMappers" : [ { + "id" : "c4d54410-3f22-4259-9571-94da2c43b752", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + } ], + "defaultClientScopes" : [ "web-origins", "acr", "profile", "roles", "email" ], + "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ] + } ], + "clientScopes" : [ { + "id" : "69f4ecf0-4165-49ab-bf0d-38409b15b706", + "name" : "rabbitmq.tag:administrator", + "description" : "administrator", + "protocol" : 
"openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "gui.order" : "", + "consent.screen.text" : "" + } + }, { + "id" : "7f6e9b44-e2eb-417d-b0fe-db820c9a6564", + "name" : "email", + "description" : "OpenID Connect built-in scope: email", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${emailScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "782819fe-ba5d-4ddb-9f95-cabb69d79c8d", + "name" : "email verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "emailVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email_verified", + "jsonType.label" : "boolean" + } + }, { + "id" : "ca613fc8-bbf2-4240-8b33-a1874f1559f3", + "name" : "email", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "email", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "email", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "b9da268f-6745-49dc-a764-3c54e385accc", + "name" : "profile", + "description" : "OpenID Connect built-in scope: profile", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${profileScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "84f0487a-1d7d-470c-9b8e-5835294ae235", + "name" : "username", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + 
"access.token.claim" : "true", + "claim.name" : "preferred_username", + "jsonType.label" : "String" + } + }, { + "id" : "bbdcdb36-3ec0-443d-b1af-9993d40f0567", + "name" : "gender", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "gender", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "gender", + "jsonType.label" : "String" + } + }, { + "id" : "9faa870b-5491-4ce9-b27d-c9ce07d6a95e", + "name" : "birthdate", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "birthdate", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "birthdate", + "jsonType.label" : "String" + } + }, { + "id" : "f0e3c012-9523-4076-83ae-e466e2d08220", + "name" : "full name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-full-name-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + }, { + "id" : "f757d8ec-e181-429c-9287-9ad0600b061f", + "name" : "profile", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "profile", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "profile", + "jsonType.label" : "String" + } + }, { + "id" : "18cfbf4b-0a8e-45c7-a832-c0f72c92f3f3", + "name" : "updated at", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "updatedAt", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "updated_at", + 
"jsonType.label" : "long" + } + }, { + "id" : "841ea785-26ab-429a-a420-09ce3948924d", + "name" : "family name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "lastName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "family_name", + "jsonType.label" : "String" + } + }, { + "id" : "bfba13ff-f952-4e89-bbb1-a693fdebfae8", + "name" : "website", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "website", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "website", + "jsonType.label" : "String" + } + }, { + "id" : "475f071d-5149-4379-b928-76482f5f519c", + "name" : "zoneinfo", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "zoneinfo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "zoneinfo", + "jsonType.label" : "String" + } + }, { + "id" : "b8bebfed-b5e9-4604-a0ee-9817f7d439ac", + "name" : "middle name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "middleName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "middle_name", + "jsonType.label" : "String" + } + }, { + "id" : "445232c8-6830-476c-a6f1-8bbef167595a", + "name" : "picture", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "picture", + "id.token.claim" : "true", + "access.token.claim" : "true", 
+ "claim.name" : "picture", + "jsonType.label" : "String" + } + }, { + "id" : "65f2e474-6ede-4872-86e4-e49504dd0f2a", + "name" : "locale", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "locale", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "locale", + "jsonType.label" : "String" + } + }, { + "id" : "16cd5a27-ccf3-453c-ae1e-8621813ab73c", + "name" : "given name", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "firstName", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "given_name", + "jsonType.label" : "String" + } + }, { + "id" : "f9efedfc-3388-457c-b10a-1dff4525ff9b", + "name" : "nickname", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "nickname", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "nickname", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "627fa054-08eb-4206-af71-9e838e984b8b", + "name" : "microprofile-jwt", + "description" : "Microprofile - JWT built-in scope", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "e6cc53e5-5d7e-468e-88c8-0737dd3dc759", + "name" : "groups", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "multivalued" : "true", + "userinfo.token.claim" : "true", + "user.attribute" : "foo", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "groups", + "jsonType.label" : "String" + } 
+ }, { + "id" : "83b4444c-10fc-44e8-a0c0-0c1da1f9bba3", + "name" : "upn", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-property-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "username", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "upn", + "jsonType.label" : "String" + } + } ] + }, { + "id" : "4122ff9e-ad3c-4142-afc6-9aefdecfc86d", + "name" : "role_list", + "description" : "SAML role list", + "protocol" : "saml", + "attributes" : { + "consent.screen.text" : "${samlRoleListScopeConsentText}", + "display.on.consent.screen" : "true" + }, + "protocolMappers" : [ { + "id" : "bb0747fa-c008-4af3-93be-e7739650ebd5", + "name" : "role list", + "protocol" : "saml", + "protocolMapper" : "saml-role-list-mapper", + "consentRequired" : false, + "config" : { + "single" : "false", + "attribute.nameformat" : "Basic", + "attribute.name" : "Role" + } + } ] + }, { + "id" : "2e76447d-fbe7-4fa7-a16c-54a381b960ae", + "name" : "rabbitmq.configure:*/*", + "description" : "", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false", + "gui.order" : "", + "consent.screen.text" : "" + } + }, { + "id" : "52aad832-c6c4-49df-8a04-6ad4a406fdfa", + "name" : "phone", + "description" : "OpenID Connect built-in scope: phone", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${phoneScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "dae802fb-9138-408a-b80e-a40eb0f56814", + "name" : "phone number", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumber", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number", + 
"jsonType.label" : "String" + } + }, { + "id" : "feb06a8d-b0eb-4911-8464-368d93f566fa", + "name" : "phone number verified", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "userinfo.token.claim" : "true", + "user.attribute" : "phoneNumberVerified", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "phone_number_verified", + "jsonType.label" : "boolean" + } + } ] + }, { + "id" : "f64d64e8-57ce-4eb2-b99e-9f02fdbd99f9", + "name" : "web-origins", + "description" : "OpenID Connect scope for add allowed web origins to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false", + "consent.screen.text" : "" + }, + "protocolMappers" : [ { + "id" : "c6411e3b-6478-453d-b530-5fe175a4d786", + "name" : "allowed web origins", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-allowed-origins-mapper", + "consentRequired" : false, + "config" : { } + } ] + }, { + "id" : "55341d34-0086-4173-ae61-d9b175b179d8", + "name" : "acr", + "description" : "OpenID Connect scope for add acr (authentication context class reference) to the token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false" + }, + "protocolMappers" : [ { + "id" : "58ea3217-0fff-4207-9d08-919f5493b629", + "name" : "acr loa level", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-acr-mapper", + "consentRequired" : false, + "config" : { + "id.token.claim" : "true", + "access.token.claim" : "true", + "userinfo.token.claim" : "true" + } + } ] + }, { + "id" : "a02c2c38-923c-46ec-9899-321412b388e5", + "name" : "attributes", + "description" : "User Attributes", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "false", + "gui.order" : "", + "consent.screen.text" 
: "" + }, + "protocolMappers" : [ { + "id" : "78c461c1-f3f9-4d10-8835-097f13bdcd60", + "name" : "Theme", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-attribute-mapper", + "consentRequired" : false, + "config" : { + "aggregate.attrs" : "false", + "multivalued" : "false", + "userinfo.token.claim" : "true", + "user.attribute" : "theme_dark", + "id.token.claim" : "true", + "access.token.claim" : "true", + "claim.name" : "attributes.theme_dark" + } + } ] + }, { + "id" : "06062e22-89c0-4e1d-a25b-2483903b02d5", + "name" : "rabbitmq.write:*/*", + "description" : "", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false", + "gui.order" : "", + "consent.screen.text" : "" + } + }, { + "id" : "db63e03b-7918-492f-997b-f2dda98f3b39", + "name" : "rabbitmq.tag:management", + "description" : "management", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "gui.order" : "", + "consent.screen.text" : "" + } + }, { + "id" : "210cc792-6c07-45a6-a77e-827cdf3b41ba", + "name" : "offline_access", + "description" : "OpenID Connect built-in scope: offline_access", + "protocol" : "openid-connect", + "attributes" : { + "consent.screen.text" : "${offlineAccessScopeConsentText}", + "display.on.consent.screen" : "true" + } + }, { + "id" : "425abf4a-2ee2-431d-aa92-e373a36fe556", + "name" : "address", + "description" : "OpenID Connect built-in scope: address", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${addressScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "8d4ffe4d-1d01-4ca1-8ff4-44eacca61b30", + "name" : "address", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-address-mapper", + "consentRequired" : false, + "config" : { + "user.attribute.formatted" : "formatted", + 
"user.attribute.country" : "country", + "user.attribute.postal_code" : "postal_code", + "userinfo.token.claim" : "true", + "user.attribute.street" : "street", + "id.token.claim" : "true", + "user.attribute.region" : "region", + "access.token.claim" : "true", + "user.attribute.locality" : "locality" + } + } ] + }, { + "id" : "c96f0b73-ea79-4b46-93ef-d1092297f855", + "name" : "rabbitmq.read:*/*", + "description" : "", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "true", + "display.on.consent.screen" : "false", + "gui.order" : "", + "consent.screen.text" : "" + } + }, { + "id" : "37f61543-dad7-4a82-8e10-77acdd1eefdc", + "name" : "roles", + "description" : "OpenID Connect scope for add user roles to the access token", + "protocol" : "openid-connect", + "attributes" : { + "include.in.token.scope" : "false", + "display.on.consent.screen" : "true", + "consent.screen.text" : "${rolesScopeConsentText}" + }, + "protocolMappers" : [ { + "id" : "3b6b6914-8ad1-4a71-88ec-444f754aaacb", + "name" : "audience resolve", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-audience-resolve-mapper", + "consentRequired" : false, + "config" : { } + }, { + "id" : "2defedf5-9af3-4531-822c-a879dedcd29d", + "name" : "realm roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-realm-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "realm_access.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + }, { + "id" : "a7bd6723-e58e-47f7-95c0-2925ce99283d", + "name" : "client roles", + "protocol" : "openid-connect", + "protocolMapper" : "oidc-usermodel-client-role-mapper", + "consentRequired" : false, + "config" : { + "user.attribute" : "foo", + "access.token.claim" : "true", + "claim.name" : "resource_access.${client_id}.roles", + "jsonType.label" : "String", + "multivalued" : "true" + } + } ] + } ], + "defaultDefaultClientScopes" 
: [ "rabbitmq.tag:administrator", "rabbitmq.tag:management" ], + "defaultOptionalClientScopes" : [ "rabbitmq.write:*/*", "offline_access", "rabbitmq.configure:*/*", "roles", "role_list", "address", "phone", "acr", "microprofile-jwt", "email", "attributes", "profile", "rabbitmq.read:*/*", "web-origins" ], + "browserSecurityHeaders" : { + "contentSecurityPolicyReportOnly" : "", + "xContentTypeOptions" : "nosniff", + "referrerPolicy" : "no-referrer", + "xRobotsTag" : "none", + "xFrameOptions" : "SAMEORIGIN", + "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", + "xXSSProtection" : "1; mode=block", + "strictTransportSecurity" : "max-age=31536000; includeSubDomains" + }, + "smtpServer" : { }, + "eventsEnabled" : false, + "eventsListeners" : [ "jboss-logging" ], + "enabledEventTypes" : [ "SEND_RESET_PASSWORD", "UPDATE_CONSENT_ERROR", "GRANT_CONSENT", "VERIFY_PROFILE_ERROR", "REMOVE_TOTP", "REVOKE_GRANT", "UPDATE_TOTP", "LOGIN_ERROR", "CLIENT_LOGIN", "RESET_PASSWORD_ERROR", "IMPERSONATE_ERROR", "CODE_TO_TOKEN_ERROR", "CUSTOM_REQUIRED_ACTION", "OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR", "RESTART_AUTHENTICATION", "IMPERSONATE", "UPDATE_PROFILE_ERROR", "LOGIN", "OAUTH2_DEVICE_VERIFY_USER_CODE", "UPDATE_PASSWORD_ERROR", "CLIENT_INITIATED_ACCOUNT_LINKING", "TOKEN_EXCHANGE", "AUTHREQID_TO_TOKEN", "LOGOUT", "REGISTER", "DELETE_ACCOUNT_ERROR", "CLIENT_REGISTER", "IDENTITY_PROVIDER_LINK_ACCOUNT", "DELETE_ACCOUNT", "UPDATE_PASSWORD", "CLIENT_DELETE", "FEDERATED_IDENTITY_LINK_ERROR", "IDENTITY_PROVIDER_FIRST_LOGIN", "CLIENT_DELETE_ERROR", "VERIFY_EMAIL", "CLIENT_LOGIN_ERROR", "RESTART_AUTHENTICATION_ERROR", "EXECUTE_ACTIONS", "REMOVE_FEDERATED_IDENTITY_ERROR", "TOKEN_EXCHANGE_ERROR", "PERMISSION_TOKEN", "SEND_IDENTITY_PROVIDER_LINK_ERROR", "EXECUTE_ACTION_TOKEN_ERROR", "SEND_VERIFY_EMAIL", "OAUTH2_DEVICE_AUTH", "EXECUTE_ACTIONS_ERROR", "REMOVE_FEDERATED_IDENTITY", "OAUTH2_DEVICE_CODE_TO_TOKEN", "IDENTITY_PROVIDER_POST_LOGIN", 
"IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR", "OAUTH2_DEVICE_VERIFY_USER_CODE_ERROR", "UPDATE_EMAIL", "REGISTER_ERROR", "REVOKE_GRANT_ERROR", "EXECUTE_ACTION_TOKEN", "LOGOUT_ERROR", "UPDATE_EMAIL_ERROR", "CLIENT_UPDATE_ERROR", "AUTHREQID_TO_TOKEN_ERROR", "UPDATE_PROFILE", "CLIENT_REGISTER_ERROR", "FEDERATED_IDENTITY_LINK", "SEND_IDENTITY_PROVIDER_LINK", "SEND_VERIFY_EMAIL_ERROR", "RESET_PASSWORD", "CLIENT_INITIATED_ACCOUNT_LINKING_ERROR", "OAUTH2_DEVICE_AUTH_ERROR", "UPDATE_CONSENT", "REMOVE_TOTP_ERROR", "VERIFY_EMAIL_ERROR", "SEND_RESET_PASSWORD_ERROR", "CLIENT_UPDATE", "CUSTOM_REQUIRED_ACTION_ERROR", "IDENTITY_PROVIDER_POST_LOGIN_ERROR", "UPDATE_TOTP_ERROR", "CODE_TO_TOKEN", "VERIFY_PROFILE", "GRANT_CONSENT_ERROR", "IDENTITY_PROVIDER_FIRST_LOGIN_ERROR" ], + "adminEventsEnabled" : false, + "adminEventsDetailsEnabled" : false, + "identityProviders" : [ ], + "identityProviderMappers" : [ ], + "components" : { + "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { + "id" : "4d3f9f14-f5d2-4b0c-8ea7-e6d078aa2191", + "name" : "Max Clients Limit", + "providerId" : "max-clients", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "max-clients" : [ "200" ] + } + }, { + "id" : "f35bce67-1e75-408b-b065-52183368d4fd", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "0efa669d-1017-4b4a-82e1-c2eaf72de2c9", + "name" : "Allowed Client Scopes", + "providerId" : "allowed-client-templates", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allow-default-scopes" : [ "true" ] + } + }, { + "id" : "528fb423-d66e-472e-9120-1f03ba9e0f18", + "name" : "Consent Required", + "providerId" : "consent-required", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "3ab11d74-5e76-408a-b85a-26bf8950f979", + "name" : "Allowed Protocol Mapper Types", 
+ "providerId" : "allowed-protocol-mappers", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "oidc-address-mapper", "oidc-full-name-mapper", "saml-user-attribute-mapper", "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-property-mapper", "saml-role-list-mapper" ] + } + }, { + "id" : "1849e52a-b8c9-44a8-af3d-ee19376a1ed1", + "name" : "Trusted Hosts", + "providerId" : "trusted-hosts", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { + "host-sending-registration-request-must-match" : [ "true" ], + "client-uris-must-match" : [ "true" ] + } + }, { + "id" : "f565cb47-3bcf-4078-8f94-eb4179c375b8", + "name" : "Full Scope Disabled", + "providerId" : "scope", + "subType" : "anonymous", + "subComponents" : { }, + "config" : { } + }, { + "id" : "104ec5a9-025b-4c44-8ac0-82d22887ca3e", + "name" : "Allowed Protocol Mapper Types", + "providerId" : "allowed-protocol-mappers", + "subType" : "authenticated", + "subComponents" : { }, + "config" : { + "allowed-protocol-mapper-types" : [ "saml-role-list-mapper", "oidc-full-name-mapper", "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", "saml-user-attribute-mapper" ] + } + } ], + "org.keycloak.userprofile.UserProfileProvider" : [ { + "id" : "fb763636-e1ea-49c7-adca-ea105cdec4ad", + "providerId" : "declarative-user-profile", + "subComponents" : { }, + "config" : { + "kc.user.profile.config" : [ 
"{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}],\"unmanagedAttributePolicy\":\"ENABLED\"}" ] + } + } ], + "org.keycloak.keys.KeyProvider" : [ { + "id" : "2f53ccf3-37b0-4d34-83e7-ed497499ee51", + "name" : "rsa-enc-generated", + "providerId" : "rsa-enc-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "keyUse" : [ "ENC" ], + "certificate" : [ "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" ], + "priority" : [ "100" ], + "algorithm" : [ "RSA-OAEP" ] + } + }, { + "id" : "230cb681-9ceb-4b1b-8a4c-929a11b08de0", + "name" : "hmac-generated-hs512", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "8a489935-9a95-459b-9059-59b438ef0fa8" ], + "secret" : [ 
"xSCVgBlrLPWoF54gKQdR7BqXlfNaCD43xtS_ZgQRC0tGNAbqhy2Q9y8LdD2IR7K__8VGaDGYtyZayopgTebhDBb4gHDjDOBX7flhFYRrm0G3aTIuCIyFG-bPULwmyP_oHeC6tjwdQhqx5G0tE2mQQqPC9dDZuUA5I7QREIGK8cI" ], + "priority" : [ "100" ], + "algorithm" : [ "HS512" ] + } + }, { + "id" : "28ca0b6d-b2e2-4785-b04b-2391e6344e30", + "name" : "aes-generated", + "providerId" : "aes-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "6dc4834f-a1de-4cfe-a29d-e84ac8e9b1a8" ], + "secret" : [ "HpuzG_jWYKwypLeoPEMC4A" ], + "priority" : [ "100" ] + } + }, { + "id" : "bd7945cf-6d35-4e03-9c3a-197f2dc76973", + "name" : "hmac-generated", + "providerId" : "hmac-generated", + "subComponents" : { }, + "config" : { + "kid" : [ "5034d264-cb50-4006-a59e-2ce636eb5f38" ], + "secret" : [ "ToVIw-a4IE-Yp9JpP8ztb8NAICYO8CT3tUiDPT6DdiBcgzKJ9Ym9vspxGVdmPceX3mAgbnGLAcTx1PkInSVrbZs-tX9QXFwdlyGbewhKiNpH8wEg32Wk4GuUDpTv8JCsymgWyQBY681jvIMv05eCoK2QWpqCzcgP828KM5peCzo" ], + "priority" : [ "100" ], + "algorithm" : [ "HS256" ] + } + }, { + "id" : "2293ff99-3c6d-46d1-8635-5e679d5b134a", + "name" : "rsa-generated", + "providerId" : "rsa-generated", + "subComponents" : { }, + "config" : { + "privateKey" : [ "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" ], + "keyUse" : [ "SIG" ], + "certificate" : [ "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" ], + "priority" : [ "100" ] + } + } ] + }, + "internationalizationEnabled" : false, + "supportedLocales" : [ ], + "authenticationFlows" : [ { + "id" : "88e5d526-2298-413c-a904-133ad839d47f", + "alias" : "Account verification options", + "description" : "Method with which to verity the existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-email-verification", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + 
"priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Verify Existing Account by Re-authentication", + "userSetupAllowed" : false + } ] + }, { + "id" : "a690c715-fbae-4c20-b680-bd4010718761", + "alias" : "Browser - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "ad6d407e-c73e-4439-baf3-d7c99c6cb6ad", + "alias" : "Direct Grant - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "e5d03405-e10a-408a-adb2-41dbb4f24515", + "alias" : "First broker login - Conditional OTP", + "description" : "Flow to determine if the OTP is required for the authentication", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + 
"authenticator" : "auth-otp-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "96b93843-62d0-44f1-84dd-21cc5f95f523", + "alias" : "Handle Existing Account", + "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-confirm-link", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Account verification options", + "userSetupAllowed" : false + } ] + }, { + "id" : "088f4051-36ab-4952-a4f2-4ba53c408083", + "alias" : "Reset - Conditional OTP", + "description" : "Flow to determine if the OTP should be reset or not. 
Set to REQUIRED to force.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "conditional-user-configured", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-otp", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "05f37bb2-779d-4e3f-ad1b-f6eb33bb3de4", + "alias" : "User creation or linking", + "description" : "Flow for the existing/non-existing user alternatives", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "create unique user config", + "authenticator" : "idp-create-user-if-unique", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Handle Existing Account", + "userSetupAllowed" : false + } ] + }, { + "id" : "300a5647-7d2c-4348-9f1f-51504bfda1c4", + "alias" : "Verify Existing Account by Re-authentication", + "description" : "Reauthentication of existing account", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "idp-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "First broker login - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "26afc672-314b-4ad9-9711-7aaeafd7c00c", + "alias" : "browser", + 
"description" : "browser based authentication", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-cookie", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "auth-spnego", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "identity-provider-redirector", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 25, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "forms", + "userSetupAllowed" : false + } ] + }, { + "id" : "9b301f6c-eda7-4da0-ba09-1a6454ff910d", + "alias" : "clients", + "description" : "Base authentication for clients", + "providerId" : "client-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "client-secret", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-secret-jwt", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "client-x509", + "authenticatorFlow" : false, + "requirement" : "ALTERNATIVE", + "priority" : 40, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "6e54f1be-dbad-4b6d-8eee-8e048d413c63", + "alias" : "direct grant", + "description" : "OpenID Connect 
Resource Owner Grant", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "direct-grant-validate-username", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "direct-grant-validate-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 30, + "autheticatorFlow" : true, + "flowAlias" : "Direct Grant - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "31da4b94-03c4-4d79-9ac3-5df1445c0781", + "alias" : "docker auth", + "description" : "Used by Docker clients to authenticate against the IDP", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "docker-http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "2e16651d-681f-4d9b-9dd4-9acdb465cd43", + "alias" : "first broker login", + "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticatorConfig" : "review profile config", + "authenticator" : "idp-review-profile", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "User creation or linking", + "userSetupAllowed" : false + } ] + }, { + "id" : 
"da109a26-fefa-48a4-ae8e-1d49627c2db8", + "alias" : "forms", + "description" : "Username, password, otp and other auth forms.", + "providerId" : "basic-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "auth-username-password-form", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 20, + "autheticatorFlow" : true, + "flowAlias" : "Browser - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "4c983c77-241f-41c5-8b8a-e2cd6fc08914", + "alias" : "registration", + "description" : "registration flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-page-form", + "authenticatorFlow" : true, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : true, + "flowAlias" : "registration form", + "userSetupAllowed" : false + } ] + }, { + "id" : "d62c8dd6-633c-408a-aa99-43071510efb4", + "alias" : "registration form", + "description" : "registration form", + "providerId" : "form-flow", + "topLevel" : false, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "registration-user-creation", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-password-action", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 50, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "registration-recaptcha-action", + "authenticatorFlow" : false, + "requirement" : "DISABLED", + "priority" : 60, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + }, { + "id" : "c8ca5be7-e76d-4e16-b5ca-3ced99d92dbb", + "alias" : "reset credentials", + 
"description" : "Reset credentials for a user if they forgot their password or something", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "reset-credentials-choose-user", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-credential-email", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 20, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticator" : "reset-password", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 30, + "autheticatorFlow" : false, + "userSetupAllowed" : false + }, { + "authenticatorFlow" : true, + "requirement" : "CONDITIONAL", + "priority" : 40, + "autheticatorFlow" : true, + "flowAlias" : "Reset - Conditional OTP", + "userSetupAllowed" : false + } ] + }, { + "id" : "389c1c37-e8af-4610-a507-e1257f55b954", + "alias" : "saml ecp", + "description" : "SAML ECP Profile Authentication Flow", + "providerId" : "basic-flow", + "topLevel" : true, + "builtIn" : true, + "authenticationExecutions" : [ { + "authenticator" : "http-basic-authenticator", + "authenticatorFlow" : false, + "requirement" : "REQUIRED", + "priority" : 10, + "autheticatorFlow" : false, + "userSetupAllowed" : false + } ] + } ], + "authenticatorConfig" : [ { + "id" : "d66ca9d0-1645-4c84-abfe-c0a696f17de4", + "alias" : "create unique user config", + "config" : { + "require.password.update.after.registration" : "false" + } + }, { + "id" : "061cc6b8-90be-4423-9bf9-974ead709b5d", + "alias" : "review profile config", + "config" : { + "update.profile.on.first.login" : "missing" + } + } ], + "requiredActions" : [ { + "alias" : "CONFIGURE_TOTP", + "name" : "Configure OTP", + "providerId" : "CONFIGURE_TOTP", + "enabled" : true, + "defaultAction" : false, + "priority" : 10, + "config" : { } + }, { + "alias" : 
"TERMS_AND_CONDITIONS", + "name" : "Terms and Conditions", + "providerId" : "TERMS_AND_CONDITIONS", + "enabled" : false, + "defaultAction" : false, + "priority" : 20, + "config" : { } + }, { + "alias" : "UPDATE_PASSWORD", + "name" : "Update Password", + "providerId" : "UPDATE_PASSWORD", + "enabled" : false, + "defaultAction" : false, + "priority" : 30, + "config" : { } + }, { + "alias" : "UPDATE_PROFILE", + "name" : "Update Profile", + "providerId" : "UPDATE_PROFILE", + "enabled" : true, + "defaultAction" : false, + "priority" : 40, + "config" : { } + }, { + "alias" : "VERIFY_EMAIL", + "name" : "Verify Email", + "providerId" : "VERIFY_EMAIL", + "enabled" : false, + "defaultAction" : false, + "priority" : 50, + "config" : { } + }, { + "alias" : "delete_account", + "name" : "Delete Account", + "providerId" : "delete_account", + "enabled" : false, + "defaultAction" : false, + "priority" : 60, + "config" : { } + }, { + "alias" : "webauthn-register", + "name" : "Webauthn Register", + "providerId" : "webauthn-register", + "enabled" : true, + "defaultAction" : false, + "priority" : 70, + "config" : { } + }, { + "alias" : "webauthn-register-passwordless", + "name" : "Webauthn Register Passwordless", + "providerId" : "webauthn-register-passwordless", + "enabled" : true, + "defaultAction" : false, + "priority" : 80, + "config" : { } + }, { + "alias" : "delete_credential", + "name" : "Delete Credential", + "providerId" : "delete_credential", + "enabled" : true, + "defaultAction" : false, + "priority" : 100, + "config" : { } + }, { + "alias" : "update_user_locale", + "name" : "Update User Locale", + "providerId" : "update_user_locale", + "enabled" : true, + "defaultAction" : false, + "priority" : 1000, + "config" : { } + } ], + "browserFlow" : "browser", + "registrationFlow" : "registration", + "directGrantFlow" : "direct grant", + "resetCredentialsFlow" : "reset credentials", + "clientAuthenticationFlow" : "clients", + "dockerAuthenticationFlow" : "docker auth", + 
"firstBrokerLoginFlow" : "first broker login", + "attributes" : { + "cibaBackchannelTokenDeliveryMode" : "poll", + "cibaAuthRequestedUserHint" : "login_hint", + "clientOfflineSessionMaxLifespan" : "0", + "oauth2DevicePollingInterval" : "5", + "clientSessionIdleTimeout" : "0", + "actionTokenGeneratedByUserLifespan-execute-actions" : "", + "actionTokenGeneratedByUserLifespan-verify-email" : "", + "clientOfflineSessionIdleTimeout" : "0", + "actionTokenGeneratedByUserLifespan-reset-credentials" : "", + "cibaInterval" : "5", + "realmReusableOtpCode" : "false", + "cibaExpiresIn" : "120", + "oauth2DeviceCodeLifespan" : "600", + "actionTokenGeneratedByUserLifespan-idp-verify-account-via-email" : "", + "parRequestUriLifespan" : "60", + "clientSessionMaxLifespan" : "0", + "shortVerificationUri" : "" + }, + "keycloakVersion" : "24.0.5", + "userManagedAccessAllowed" : false, + "clientProfiles" : { + "profiles" : [ ] + }, + "clientPolicies" : { + "policies" : [ ] + } +} \ No newline at end of file diff --git a/dbrepo-metadata-db/1_setup-schema.sql b/dbrepo-metadata-db/1_setup-schema.sql index c9ce89d1be..173bce7b03 100644 --- a/dbrepo-metadata-db/1_setup-schema.sql +++ b/dbrepo-metadata-db/1_setup-schema.sql @@ -6,7 +6,6 @@ CREATE TABLE IF NOT EXISTS `mdb_users` username character varying(255) NOT NULL, firstname character varying(255), lastname character varying(255), - email character varying(255) NOT NULL, orcid character varying(255), affiliation character varying(255), is_internal BOOLEAN NOT NULL DEFAULT FALSE, @@ -14,8 +13,7 @@ CREATE TABLE IF NOT EXISTS `mdb_users` theme character varying(255) NOT NULL default ('light'), language character varying(3) NOT NULL default ('en'), PRIMARY KEY (id), - UNIQUE (username), - UNIQUE (email) + UNIQUE (username) ) WITH SYSTEM VERSIONING; CREATE TABLE IF NOT EXISTS `mdb_images` 
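Review bot: Dropping `email` and `UNIQUE (email)` from a `CREATE TABLE IF NOT EXISTS` statement only affects fresh installs; a database created from the previous script keeps `email character varying(255) NOT NULL`. The `User` entity in this commit no longer maps that column, so inserts against an existing schema would presumably fail on the NOT NULL constraint and break user provisioning. If no migration ships elsewhere in the commit, add one alongside, e.g. `ALTER TABLE mdb_users DROP COLUMN email;` (a system-versioned table may need `system_versioning_alter_history` set first), and mention it in the changelog entry. Both hunks of this file share the point.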
diff --git a/dbrepo-metadata-service/api/src/main/java/at/tuwien/api/auth/CreateUserDto.java b/dbrepo-metadata-service/api/src/main/java/at/tuwien/api/auth/CreateUserDto.java index a30208bad0..16f45aec4d 100644 --- a/dbrepo-metadata-service/api/src/main/java/at/tuwien/api/auth/CreateUserDto.java +++ b/dbrepo-metadata-service/api/src/main/java/at/tuwien/api/auth/CreateUserDto.java @@ -1,13 +1,14 @@ package at.tuwien.api.auth; +import com.fasterxml.jackson.annotation.JsonProperty; import io.swagger.v3.oas.annotations.media.Schema; -import jakarta.validation.constraints.Email; import jakarta.validation.constraints.NotBlank; import jakarta.validation.constraints.NotNull; -import jakarta.validation.constraints.Pattern; import lombok.*; import lombok.extern.jackson.Jacksonized; +import java.util.UUID; + @Getter @Setter @Builder @@ -18,18 +19,28 @@ import lombok.extern.jackson.Jacksonized; @ToString public class CreateUserDto { + @NotNull + @Schema(example = "3b91bc36-3eae-4662-a4be-8993624ab0cb", description = "The user id generated by Keycloak") + private UUID id; + + @NotNull + @JsonProperty("ldap_id") + @Schema(example = "ea022d6d-b4a4-42f3-836f-ff4e596a527a", description = "The user id generated by OpenLDAP") + private UUID ldapId; + @NotBlank - @Pattern(regexp = "^[a-z0-9]{3,}$") @Schema(example = "user") private String username; - @NotBlank - @Email - @Schema(example = "user@example.com") - private String email; + @JsonProperty("given_name") + @Schema(example = "foo") + private String givenName; - @NotNull - @ToString.Exclude - private String password; + @JsonProperty("family_name") + @Schema(example = "bar") + private String familyName; + + @Schema(example = "foo.bar@example.com") + private String email; } diff --git a/dbrepo-metadata-service/api/src/main/java/at/tuwien/api/user/UserDetailsDto.java b/dbrepo-metadata-service/api/src/main/java/at/tuwien/api/user/UserDetailsDto.java index cd5e8fd3e0..2ab170d616 100644 
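Review bot: The second hunk drops `@Pattern(regexp = "^[a-z0-9]{3,}$")` from `username` and `@Email` from `email`, so `@NotBlank` on `username` is the only check left on the caller-supplied strings. These values now appear to come from the identity provider rather than a signup form (inferred from the new `id`/`ldap_id` fields), but `username` and the name fields are still headed for `character varying(255)` columns. I would bound them with `@Size(max = 255)` (needs the `jakarta.validation.constraints.Size` import) and restore `@Email` on the optional `email`, since Bean Validation treats null as valid. The class-level `@ToString` now also prints `email`; consider `@ToString.Exclude` on it if this DTO is ever logged whole.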
--- a/dbrepo-metadata-service/api/src/main/java/at/tuwien/api/user/UserDetailsDto.java +++ b/dbrepo-metadata-service/api/src/main/java/at/tuwien/api/user/UserDetailsDto.java @@ -1,6 +1,5 @@ package at.tuwien.api.user; -import jakarta.validation.constraints.Email; import jakarta.validation.constraints.NotNull; import lombok.*; import lombok.extern.jackson.Jacksonized; @@ -30,10 +29,6 @@ public class UserDetailsDto implements UserDetails { @ToString.Exclude private String password; - @NotNull - @Email - private String email; - @Override public boolean isAccountNonExpired() { return true; diff --git a/dbrepo-metadata-service/entities/src/main/java/at/tuwien/entities/user/User.java b/dbrepo-metadata-service/entities/src/main/java/at/tuwien/entities/user/User.java index fd87852c6e..de3111e5c8 100644 --- a/dbrepo-metadata-service/entities/src/main/java/at/tuwien/entities/user/User.java +++ b/dbrepo-metadata-service/entities/src/main/java/at/tuwien/entities/user/User.java @@ -39,9 +39,6 @@ public class User { @Column private String lastname; - @Column(nullable = false) - private String email; - @Column private String orcid; diff --git a/dbrepo-metadata-service/repositories/src/main/java/at/tuwien/mapper/MetadataMapper.java b/dbrepo-metadata-service/repositories/src/main/java/at/tuwien/mapper/MetadataMapper.java index ac6cacf64f..36caa7e9f6 100644 --- a/dbrepo-metadata-service/repositories/src/main/java/at/tuwien/mapper/MetadataMapper.java +++ b/dbrepo-metadata-service/repositories/src/main/java/at/tuwien/mapper/MetadataMapper.java @@ -1,6 +1,5 @@ package at.tuwien.mapper; -import at.tuwien.api.auth.CreateUserDto; import at.tuwien.api.container.ContainerBriefDto; import at.tuwien.api.container.ContainerDto; import at.tuwien.api.container.CreateContainerDto; 
@@ -13,14 +12,14 @@ import at.tuwien.api.database.*; import at.tuwien.api.database.table.TableBriefDto; import at.tuwien.api.database.table.TableDto; import at.tuwien.api.database.table.columns.ColumnBriefDto; -import at.tuwien.api.database.table.columns.CreateTableColumnDto; import at.tuwien.api.database.table.columns.ColumnDto; +import at.tuwien.api.database.table.columns.CreateTableColumnDto; import at.tuwien.api.database.table.columns.concepts.ConceptDto; import at.tuwien.api.database.table.columns.concepts.ConceptSaveDto; import at.tuwien.api.database.table.columns.concepts.UnitDto; import at.tuwien.api.database.table.columns.concepts.UnitSaveDto; -import at.tuwien.api.database.table.constraints.CreateTableConstraintsDto; import at.tuwien.api.database.table.constraints.ConstraintsDto; +import at.tuwien.api.database.table.constraints.CreateTableConstraintsDto; import at.tuwien.api.database.table.constraints.foreign.ForeignKeyBriefDto; import at.tuwien.api.database.table.constraints.foreign.ForeignKeyDto; import at.tuwien.api.database.table.constraints.foreign.ForeignKeyReferenceDto; @@ -34,7 +33,6 @@ import at.tuwien.api.identifier.ld.LdDatasetDto; import at.tuwien.api.keycloak.CredentialDto; import at.tuwien.api.keycloak.CredentialTypeDto; import at.tuwien.api.keycloak.UpdateCredentialsDto; -import at.tuwien.api.keycloak.UserCreateDto; import at.tuwien.api.maintenance.BannerMessageBriefDto; import at.tuwien.api.maintenance.BannerMessageCreateDto; import at.tuwien.api.maintenance.BannerMessageDto; 
@@ -756,19 +754,6 @@ public interface MetadataMapper { .build(); } - default UserCreateDto signupRequestDtoToUserCreateDto(CreateUserDto data) { - return UserCreateDto.builder() - .username(data.getUsername()) - .email(data.getEmail()) - .credentials(List.of(CredentialDto.builder() - .type(CredentialTypeDto.PASSWORD) - .temporary(false) - .value(data.getPassword()) - .build())) - .enabled(true) - .build(); - } - /* keep */ UserBriefDto keycloakUserDtoToUserBriefDto(at.tuwien.api.keycloak.UserDto data); diff --git a/dbrepo-metadata-service/repositories/src/main/java/at/tuwien/repository/UserRepository.java b/dbrepo-metadata-service/repositories/src/main/java/at/tuwien/repository/UserRepository.java index 7415fb422c..30f2f20c16 100644 --- a/dbrepo-metadata-service/repositories/src/main/java/at/tuwien/repository/UserRepository.java +++ b/dbrepo-metadata-service/repositories/src/main/java/at/tuwien/repository/UserRepository.java @@ -17,7 +17,5 @@ public interface UserRepository extends JpaRepository<User, UUID> { boolean existsByUsername(String username); - boolean existsByEmail(String email); - } diff --git a/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/UserEndpoint.java b/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/UserEndpoint.java index ade963c255..d289c097d4 100644 --- a/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/UserEndpoint.java +++ b/dbrepo-metadata-service/rest-service/src/main/java/at/tuwien/endpoints/UserEndpoint.java @@ -1,8 +1,8 @@ package at.tuwien.endpoints; +import at.tuwien.api.auth.CreateUserDto; import at.tuwien.api.auth.LoginRequestDto; import at.tuwien.api.auth.RefreshTokenRequestDto; -import at.tuwien.api.auth.CreateUserDto; import at.tuwien.api.error.ApiErrorDto; import at.tuwien.api.keycloak.TokenDto; import at.tuwien.api.user.UserBriefDto; 
@@ -95,10 +95,11 @@ public class UserEndpoint extends AbstractEndpoint { @PostMapping @Transactional(rollbackFor = {Exception.class}) - @PreAuthorize("!isAuthenticated()") + @PreAuthorize("hasAuthority('system')") @Observed(name = "dbrepo_user_create") @Operation(summary = "Create user", - description = "Creates a user in the auth service and metadata database. Requires that no credentials are sent in the request.") + description = "Creates a user in the auth service and metadata database. Requires that no credentials are sent in the request.", + hidden = true) @ApiResponses(value = { @ApiResponse(responseCode = "201", description = "Created user", @@ -142,12 +143,10 @@ public class UserEndpoint extends AbstractEndpoint { public ResponseEntity<UserBriefDto> create(@NotNull @Valid @RequestBody CreateUserDto data) throws UserExistsException, EmailExistsException, AuthServiceException, AuthServiceConnectionException, UserNotFoundException, CredentialsInvalidException { - log.debug("endpoint create user, data.username={}", data.getUsername()); - userService.validateUsernameNotExists(data.getUsername()); - userService.validateEmailNotExists(data.getEmail()); + log.debug("endpoint create user, data.id={}, data.username={}", data.getId(), data.getUsername()); return ResponseEntity.status(HttpStatus.CREATED) .body(userMapper.userToUserBriefDto( - userService.create(data, authenticationService.create(data).getAttributes().getLdapId()[0]))); + userService.create(data))); } @PostMapping("/token") 
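Review bot: The `@Operation` text in the first hunk no longer matches the guard: `@PreAuthorize("hasAuthority('system')")` requires an authenticated caller, yet the description still ends with "Requires that no credentials are sent in the request.", and the second hunk removes the `authenticationService.create(data)` call that "in the auth service" refers to. Suggested wording: `description = "Creates a user in the metadata database. Requires authority system.",`. With `hidden = true` the operation is left out of the generated API docs, so this annotation is what the next maintainer will read. The `@ApiResponses` list continues outside the hunk and may need the same pass.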
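Review bot: In the second hunk `create` no longer calls `userService.validateUsernameNotExists(...)` but still declares `UserExistsException` and `EmailExistsException`, and it persists the caller-supplied `data.getId()` as given. Unless `userService.create(data)` (not visible here) does its own check, a replayed or duplicated create request would surface as a constraint violation on `UNIQUE (username)` rather than as `UserExistsException`. I would keep `userService.validateUsernameNotExists(data.getUsername());` before the create call, or document that the service method is idempotent per `id`. The `system` authority is now the only gate on who may insert arbitrary user ids, so a comment naming the client expected to hold it would help reviewers of the realm configuration.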
@@ -170,11 +169,6 @@ public class UserEndpoint extends AbstractEndpoint { content = {@Content( mediaType = "application/json", schema = @Schema(implementation = ApiErrorDto.class))}), - @ApiResponse(responseCode = "404", - description = "Failed to find user in auth database", - content = {@Content( - mediaType = "application/json", - schema = @Schema(implementation = ApiErrorDto.class))}), @ApiResponse(responseCode = "428", description = "Account is not fully setup in auth service (requires password change?)", content = {@Content( 
@@ -185,35 +179,10 @@ public class UserEndpoint extends AbstractEndpoint { content = {@Content( mediaType = "application/json", schema = @Schema(implementation = ApiErrorDto.class))}), - @ApiResponse(responseCode = "503", - description = "Failed to get user in auth service", - content = {@Content( - mediaType = "application/json", - schema = @Schema(implementation = ApiErrorDto.class))}), }) public ResponseEntity<TokenDto> getToken(@NotNull @Valid @RequestBody LoginRequestDto data) - throws AuthServiceException, AuthServiceConnectionException, UserNotFoundException, CredentialsInvalidException, - AccountNotSetupException { + throws AuthServiceConnectionException, CredentialsInvalidException, AccountNotSetupException { log.debug("endpoint get token, data.username={}", data.getUsername()); - /* check */ - try { - userService.findByUsername(data.getUsername()); - } catch (UserNotFoundException e) { - /* need to sync */ - log.warn("User with username {} does not exist in metadata database yet", data.getUsername()); - final CreateUserDto request = CreateUserDto.builder() - .username(data.getUsername()) - .email("noreply@example.com") - .password(data.getPassword()) - .build(); - final at.tuwien.api.keycloak.UserDto user = authenticationService.findByUsername(data.getUsername()); - if (user.getAttributes().getLdapId() == null || user.getAttributes().getLdapId().length != 1) { - log.error("Failed to map ldap id for user with username: {}", data.getUsername()); - throw new UserNotFoundException("Failed to map ldap id"); - } - userService.create(request, user.getAttributes().getLdapId()[0]); - log.info("Patched missing user information for user with username: {}", data.getUsername()); - } return ResponseEntity.accepted() .body(authenticationService.obtainToken(data)); } 
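Review bot: With the sync block removed, `getToken` issues a token without checking that the user has a row in the metadata database. Accounts that exist in the auth service but were never provisioned through `create` (created before this change, or whose provisioning call failed) would authenticate and then presumably hit `UserNotFoundException` on later calls such as `modify`, which uses `userService.findById(userId)`. If that is intended, a short comment in the method would record it, e.g. `/* no lazy sync: users are provisioned through the create endpoint only */`. The method's annotations start outside this hunk.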
@@ -329,8 +298,8 @@ public class UserEndpoint extends AbstractEndpoint { schema = @Schema(implementation = ApiErrorDto.class))}), }) public ResponseEntity<UserBriefDto> modify(@NotNull @PathVariable("userId") UUID userId, - @NotNull @Valid @RequestBody UserUpdateDto data, - @NotNull Principal principal) throws NotAllowedException, + @NotNull @Valid @RequestBody UserUpdateDto data, + @NotNull Principal principal) throws NotAllowedException, UserNotFoundException, DatabaseNotFoundException { log.debug("endpoint modify a user, userId={}, data={}", userId, data); final User user = userService.findById(userId); diff --git a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/endpoints/UserEndpointUnitTest.java b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/endpoints/UserEndpointUnitTest.java index 152c17c461..aa93963b48 100644 --- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/endpoints/UserEndpointUnitTest.java +++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/endpoints/UserEndpointUnitTest.java @@ -1,8 +1,7 @@ package at.tuwien.endpoints; -import at.tuwien.api.auth.LoginRequestDto; import at.tuwien.api.auth.CreateUserDto; -import at.tuwien.api.keycloak.UserAttributesDto; +import at.tuwien.api.auth.LoginRequestDto; import at.tuwien.api.user.UserBriefDto; import at.tuwien.api.user.UserDto; import at.tuwien.api.user.UserPasswordDto; @@ -17,9 +16,6 @@ import lombok.extern.log4j.Log4j2; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; -import org.junit.jupiter.params.ParameterizedTest; -import org.junit.jupiter.params.provider.Arguments; -import org.junit.jupiter.params.provider.MethodSource; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.context.SpringBootTest; import org.springframework.boot.test.mock.mockito.MockBean; 
@@ -34,7 +30,6 @@ import org.springframework.test.context.junit.jupiter.SpringExtension; import java.security.Principal; import java.util.List; import java.util.UUID; -import java.util.stream.Stream; import static org.junit.jupiter.api.Assertions.*; import static org.mockito.Mockito.*; @@ -56,13 +51,6 @@ public class UserEndpointUnitTest extends AbstractUnitTest { @Autowired private UserEndpoint userEndpoint; - public static Stream<Arguments> getToken_parameters() { - return Stream.of( - Arguments.arguments("null", null), - Arguments.arguments("empty", new UUID[]{}) - ); - } - @BeforeEach public void beforeEach() { genesis(); @@ -104,31 +92,21 @@ public class UserEndpointUnitTest extends AbstractUnitTest { } @Test - @WithAnonymousUser - public void create_anonymous_succeeds() throws UserExistsException, EmailExistsException, UserNotFoundException, + @WithMockUser(username = USER_LOCAL_ADMIN_USERNAME, authorities = {"system"}) + public void create_succeeds() throws UserExistsException, EmailExistsException, UserNotFoundException, AuthServiceException, AuthServiceConnectionException, CredentialsInvalidException { - final CreateUserDto request = CreateUserDto.builder() - .email(USER_1_EMAIL) - .username(USER_1_USERNAME) - .password(USER_1_PASSWORD) - .build(); /* test */ - create_generic(request, USER_1, USER_1_KEYCLOAK_DTO, USER_1_ID); + create_generic(USER_1_SIGNUP_REQUEST_DTO, USER_1); } @Test @WithMockUser(username = USER_1_USERNAME) - public void create_isAuthenticated_fails() { - final CreateUserDto request = CreateUserDto.builder() - .email(USER_2_EMAIL) - .username(USER_2_USERNAME) - .password(USER_2_PASSWORD) - .build(); + public void create_noRole_fails() { /* test */ assertThrows(org.springframework.security.access.AccessDeniedException.class, () -> { - create_generic(request, null, null, null); + create_generic(USER_1_SIGNUP_REQUEST_DTO, null); }); } 
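Review bot: The third hunk replaces `create_anonymous_succeeds` with a system-authority success case and `create_noRole_fails`, but nothing pins that an unauthenticated caller is now rejected, which is exactly the behaviour the `@PreAuthorize` change reverses. I would add a `create_anonymous_fails` case next to `create_noRole_fails`, using `@WithAnonymousUser` as the token tests in this file already do. The expected exception type below mirrors `create_noRole_fails`; confirm it against the configured method security.

```java
    // … unchanged: create_succeeds, create_noRole_fails …

    @Test
    @WithAnonymousUser
    public void create_anonymous_fails() {

        /* test */
        assertThrows(org.springframework.security.access.AccessDeniedException.class, () -> {
            create_generic(USER_1_SIGNUP_REQUEST_DTO, null);
        });
    }
```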
@@ -312,50 +290,13 @@ public class UserEndpointUnitTest extends AbstractUnitTest { /* mock */ when(authenticationService.findByUsername(USER_1_USERNAME)) .thenReturn(USER_1_KEYCLOAK_DTO); - when(userService.create(any(CreateUserDto.class), any(UUID.class))) + when(userService.create(any(CreateUserDto.class))) .thenReturn(USER_1); /* test */ getToken_generic(USER_1_LOGIN_REQUEST_DTO, USER_1_PRINCIPAL, null); } - @Test - @WithAnonymousUser - public void getToken_notExists_fails() throws UserNotFoundException, AuthServiceException, - AuthServiceConnectionException, CredentialsInvalidException { - - /* mock */ - doThrow(UserNotFoundException.class) - .when(authenticationService) - .findByUsername(USER_1_USERNAME); - - /* test */ - assertThrows(UserNotFoundException.class, () -> { - getToken_generic(USER_1_LOGIN_REQUEST_DTO, USER_1_PRINCIPAL, null); - }); - } - - @ParameterizedTest - @MethodSource("getToken_parameters") - @WithAnonymousUser - public void getToken_missingLdapId_fails(String name, UUID[] ldapId) throws UserNotFoundException, AuthServiceException, - AuthServiceConnectionException, CredentialsInvalidException { - final at.tuwien.api.keycloak.UserDto mock = at.tuwien.api.keycloak.UserDto.builder() - .attributes(UserAttributesDto.builder() - .ldapId(ldapId) - .build()) - .build(); - - /* mock */ - when(authenticationService.findByUsername(USER_1_USERNAME)) - .thenReturn(mock); - - /* test */ - assertThrows(UserNotFoundException.class, () -> { - getToken_generic(USER_1_LOGIN_REQUEST_DTO, USER_1_PRINCIPAL, null); - }); - } - @Test @WithAnonymousUser public void refreshToken_anonymous_succeeds() throws AuthServiceConnectionException, CredentialsInvalidException { 
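Review bot: The two stubs kept at the top of this hunk are dead after the endpoint change: `getToken` now only calls `authenticationService.obtainToken(data)`, so neither `authenticationService.findByUsername(USER_1_USERNAME)` nor `userService.create(any(CreateUserDto.class))` is reached. Updating the `create` stub to the new signature keeps it compiling but hides that the test no longer exercises a sync path. I would drop both `when(...)` stubs and add `verify(userService, never()).create(any(CreateUserDto.class));` to pin that logging in no longer creates users. The test method starts outside the hunk.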
@@ -445,17 +386,12 @@ public class UserEndpointUnitTest extends AbstractUnitTest { return response.getBody(); } - protected void create_generic(CreateUserDto data, User user, at.tuwien.api.keycloak.UserDto userDto, UUID id) - throws UserExistsException, EmailExistsException, UserNotFoundException, AuthServiceException, - AuthServiceConnectionException, CredentialsInvalidException { + protected void create_generic(CreateUserDto data, User user) throws UserExistsException, EmailExistsException, + UserNotFoundException, AuthServiceException, AuthServiceConnectionException, CredentialsInvalidException { /* mock */ - when(userService.create(eq(data), any(UUID.class))) + when(userService.create(any(CreateUserDto.class))) .thenReturn(user); - when(authenticationService.findByUsername(data.getUsername())) - .thenReturn(userDto); - when(authenticationService.create(data)) - .thenReturn(userDto); /* test */ final ResponseEntity<UserBriefDto> response = userEndpoint.create(data); diff --git a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/gateway/KeycloakGatewayUnitTest.java b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/gateway/KeycloakGatewayUnitTest.java index bb3bcbb094..fa21bcbec5 100644 --- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/gateway/KeycloakGatewayUnitTest.java +++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/gateway/KeycloakGatewayUnitTest.java @@ -1,10 +1,10 @@ package at.tuwien.gateway; -import at.tuwien.test.AbstractUnitTest; import at.tuwien.api.keycloak.TokenDto; import at.tuwien.api.keycloak.UserDto; import at.tuwien.exception.*; import at.tuwien.gateway.impl.KeycloakGatewayImpl; +import at.tuwien.test.AbstractUnitTest; import lombok.extern.log4j.Log4j2; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; 
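Review bot: In `create_generic` the stub was loosened from `eq(data)` to `any(CreateUserDto.class)`, so the test would still pass if the endpoint handed a different or rebuilt DTO to the service. `when(userService.create(data))` keeps the pass-through check, which matters now that the request carries the externally assigned `id` and `ldap_id`. The method body continues outside the hunk.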
@@ -39,73 +39,6 @@ public class KeycloakGatewayUnitTest extends AbstractUnitTest { @Autowired private KeycloakGatewayImpl keycloakGateway; - @Test - public void createUser_succeeds() throws UserExistsException, EmailExistsException, AuthServiceException, - AuthServiceConnectionException { - - /* mock */ - when(restTemplate.exchange(anyString(), eq(HttpMethod.POST), any(HttpEntity.class), eq(TokenDto.class))) - .thenReturn(ResponseEntity.status(HttpStatus.OK) - .body(TOKEN_DTO)); - when(keycloakRestTemplate.exchange(anyString(), eq(HttpMethod.POST), any(HttpEntity.class), eq(Void.class))) - .thenReturn(ResponseEntity.status(HttpStatus.CREATED) - .build()); - - /* test */ - keycloakGateway.createUser(USER_1_KEYCLOAK_SIGNUP_REQUEST); - } - - @Test - public void createUser_fails() { - - /* mock */ - when(restTemplate.exchange(anyString(), eq(HttpMethod.POST), any(HttpEntity.class), eq(TokenDto.class))) - .thenReturn(ResponseEntity.status(HttpStatus.OK) - .body(TOKEN_DTO)); - when(keycloakRestTemplate.exchange(anyString(), eq(HttpMethod.POST), any(HttpEntity.class), eq(Void.class))) - .thenReturn(ResponseEntity.status(HttpStatus.NO_CONTENT) - .build()); - - /* test */ - assertThrows(AuthServiceException.class, () -> { - keycloakGateway.createUser(USER_1_KEYCLOAK_SIGNUP_REQUEST); - }); - } - - @Test - public void createUser_sameUsername_fails() { - - /* mock */ - when(restTemplate.exchange(anyString(), eq(HttpMethod.POST), any(HttpEntity.class), eq(TokenDto.class))) - .thenReturn(ResponseEntity.status(HttpStatus.OK) - .body(TOKEN_DTO)); - doThrow(HttpClientErrorException.Conflict.class) - .when(keycloakRestTemplate) - .exchange(anyString(), eq(HttpMethod.POST), any(HttpEntity.class), eq(Void.class)); - - /* test */ - assertThrows(UserExistsException.class, () -> { - keycloakGateway.createUser(USER_1_KEYCLOAK_SIGNUP_REQUEST); - }); - } - - @Test - public void createUser_connection_fails() { - - /* mock */ - when(restTemplate.exchange(anyString(), eq(HttpMethod.POST), 
any(HttpEntity.class), eq(TokenDto.class))) - .thenReturn(ResponseEntity.status(HttpStatus.OK) - .body(TOKEN_DTO)); - doThrow(HttpServerErrorException.class) - .when(keycloakRestTemplate) - .exchange(anyString(), eq(HttpMethod.POST), any(HttpEntity.class), eq(Void.class)); - - /* test */ - assertThrows(AuthServiceConnectionException.class, () -> { - keycloakGateway.createUser(USER_1_KEYCLOAK_SIGNUP_REQUEST); - }); - } - @Test public void deleteUser_fails() { diff --git a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/mvc/AuthenticationPrivilegedIntegrationMvcTest.java b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/mvc/AuthenticationPrivilegedIntegrationMvcTest.java index fa0b6f64f7..558935f3b7 100644 --- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/mvc/AuthenticationPrivilegedIntegrationMvcTest.java +++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/mvc/AuthenticationPrivilegedIntegrationMvcTest.java @@ -4,7 +4,6 @@ import at.tuwien.api.keycloak.TokenDto; import at.tuwien.exception.AuthServiceConnectionException; import at.tuwien.exception.AuthServiceException; import at.tuwien.exception.CredentialsInvalidException; -import at.tuwien.gateway.KeycloakGateway; import at.tuwien.repository.ContainerRepository; import at.tuwien.repository.DatabaseRepository; import at.tuwien.repository.LicenseRepository; @@ -49,9 +48,6 @@ public class AuthenticationPrivilegedIntegrationMvcTest extends AbstractUnitTest @Autowired private KeycloakUtils keycloakUtils; - @Autowired - private KeycloakGateway keycloakGateway; - @Autowired private UserRepository userRepository; 
@@ -97,7 +93,7 @@ public class AuthenticationPrivilegedIntegrationMvcTest extends AbstractUnitTest public void findById_database_basicUser_succeeds() throws Exception { /* mock */ - keycloakGateway.createUser(USER_1_KEYCLOAK_SIGNUP_REQUEST); + keycloakUtils.createUser(USER_1_KEYCLOAK_SIGNUP_REQUEST); /* test */ this.mockMvc.perform(get("/api/database/1").with(httpBasic(USER_1_USERNAME, USER_1_PASSWORD))) @@ -112,7 +108,7 @@ public class AuthenticationPrivilegedIntegrationMvcTest extends AbstractUnitTest public void findById_database_basicAdmin_succeeds() throws Exception { /* pre condition */ - keycloakGateway.createUser(USER_LOCAL_KEYCLOAK_SIGNUP_REQUEST); + keycloakUtils.createUser(USER_LOCAL_KEYCLOAK_SIGNUP_REQUEST); /* test */ this.mockMvc.perform(get("/api/database/1").with(httpBasic(USER_LOCAL_ADMIN_USERNAME, USER_LOCAL_ADMIN_PASSWORD))) @@ -127,7 +123,7 @@ public class AuthenticationPrivilegedIntegrationMvcTest extends AbstractUnitTest public void findById_database_bearerAdmin_succeeds() throws Exception { /* pre condition */ - keycloakGateway.createUser(USER_LOCAL_KEYCLOAK_SIGNUP_REQUEST); + keycloakUtils.createUser(USER_LOCAL_KEYCLOAK_SIGNUP_REQUEST); final TokenDto jwt = authenticationService.obtainToken(USER_LOCAL_ADMIN_LOGIN_REQUEST_DTO); /* test */ @@ -143,7 +139,7 @@ public class AuthenticationPrivilegedIntegrationMvcTest extends AbstractUnitTest public void findById_table_bearerAdmin_succeeds() throws Exception { /* pre condition */ - keycloakGateway.createUser(USER_LOCAL_KEYCLOAK_SIGNUP_REQUEST); + keycloakUtils.createUser(USER_LOCAL_KEYCLOAK_SIGNUP_REQUEST); final TokenDto jwt = authenticationService.obtainToken(USER_LOCAL_ADMIN_LOGIN_REQUEST_DTO); 
@@ -160,7 +156,7 @@ public class AuthenticationPrivilegedIntegrationMvcTest extends AbstractUnitTest public void findById_table_basicUser_succeeds() throws Exception { /* mock */ - keycloakGateway.createUser(USER_1_KEYCLOAK_SIGNUP_REQUEST); + keycloakUtils.createUser(USER_1_KEYCLOAK_SIGNUP_REQUEST); /* test */ this.mockMvc.perform(get("/api/database/1/table/1").with(httpBasic(USER_1_USERNAME, USER_1_PASSWORD))) @@ -175,7 +171,7 @@ public class AuthenticationPrivilegedIntegrationMvcTest extends AbstractUnitTest public void findById_table_basicAdmin_succeeds() throws Exception { /* mock */ - keycloakGateway.createUser(USER_LOCAL_KEYCLOAK_SIGNUP_REQUEST); + keycloakUtils.createUser(USER_LOCAL_KEYCLOAK_SIGNUP_REQUEST); /* test */ this.mockMvc.perform(get("/api/database/1/table/1").with(httpBasic(USER_LOCAL_ADMIN_USERNAME, USER_LOCAL_ADMIN_PASSWORD))) @@ -190,7 +186,7 @@ public class AuthenticationPrivilegedIntegrationMvcTest extends AbstractUnitTest public void findById_view_basicUser_succeeds() throws Exception { /* mock */ - keycloakGateway.createUser(USER_1_KEYCLOAK_SIGNUP_REQUEST); + keycloakUtils.createUser(USER_1_KEYCLOAK_SIGNUP_REQUEST); /* test */ this.mockMvc.perform(get("/api/database/1/view/1").with(httpBasic(USER_1_USERNAME, USER_1_PASSWORD))) @@ -205,7 +201,7 @@ public class AuthenticationPrivilegedIntegrationMvcTest extends AbstractUnitTest public void findById_container_basicUser_succeeds() throws Exception { /* mock */ - keycloakGateway.createUser(USER_1_KEYCLOAK_SIGNUP_REQUEST); + keycloakUtils.createUser(USER_1_KEYCLOAK_SIGNUP_REQUEST); /* test */ this.mockMvc.perform(get("/api/container/1").with(httpBasic(USER_1_USERNAME, USER_1_PASSWORD))) diff --git a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/mvc/PrometheusEndpointMvcTest.java b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/mvc/PrometheusEndpointMvcTest.java index dc41121b90..632affcf91 100644 
--- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/mvc/PrometheusEndpointMvcTest.java +++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/mvc/PrometheusEndpointMvcTest.java @@ -2,11 +2,13 @@ package at.tuwien.mvc; import at.tuwien.api.auth.RefreshTokenRequestDto; import at.tuwien.api.container.CreateContainerDto; -import at.tuwien.test.AbstractUnitTest; -import at.tuwien.api.database.*; +import at.tuwien.api.database.DatabaseModifyImageDto; +import at.tuwien.api.database.DatabaseModifyVisibilityDto; +import at.tuwien.api.database.DatabaseTransferDto; import at.tuwien.api.database.table.columns.concepts.ColumnSemanticsUpdateDto; import at.tuwien.config.MetricsConfig; import at.tuwien.endpoints.*; +import at.tuwien.test.AbstractUnitTest; import io.micrometer.observation.annotation.Observed; import io.micrometer.observation.tck.TestObservationRegistry; import io.swagger.v3.oas.annotations.Operation; @@ -32,7 +34,10 @@ import org.springframework.test.web.servlet.MockMvc; import java.io.File; import java.io.IOException; import java.lang.reflect.Method; -import java.util.*; +import java.util.Arrays; +import java.util.List; +import java.util.Map; +import java.util.TreeMap; import static io.micrometer.observation.tck.TestObservationRegistryAssert.assertThat; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; @@ -619,11 +624,8 @@ public class PrometheusEndpointMvcTest extends AbstractUnitTest { } /* test */ - for (String metric : List.of("dbrepo_user_create", "dbrepo_user_token")) { - assertThat(registry) - .hasObservationWithNameEqualTo(metric); - } - // already done above + assertThat(registry) + .hasObservationWithNameEqualTo("dbrepo_user_token"); } @Test 
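Review bot: The last hunk stops asserting the `dbrepo_user_create` observation, while `UserEndpoint.create` keeps `@Observed(name = "dbrepo_user_create")` in this same commit. User creation is an event worth keeping a metric on, so I would rather have the test call the endpoint with the `system` authority and keep the assertion than drop the coverage. If the drop is deliberate (the request setup is outside the hunk, so the reason is inferred), a one-line comment would record it, e.g. `/* dbrepo_user_create requires authority system and is not triggered here */`.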
diff --git a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/AuthenticationServiceIntegrationTest.java b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/AuthenticationServiceIntegrationTest.java index fa1cd5d4be..44009e5adc 100644 --- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/AuthenticationServiceIntegrationTest.java +++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/AuthenticationServiceIntegrationTest.java @@ -1,9 +1,10 @@ package at.tuwien.service; -import at.tuwien.test.AbstractUnitTest; import at.tuwien.entities.user.User; import at.tuwien.exception.*; import at.tuwien.gateway.KeycloakGateway; +import at.tuwien.test.AbstractUnitTest; +import at.tuwien.utils.KeycloakUtils; import dasniko.testcontainers.keycloak.KeycloakContainer; import lombok.extern.log4j.Log4j2; import org.junit.jupiter.api.BeforeEach; @@ -32,6 +33,9 @@ public class AuthenticationServiceIntegrationTest extends AbstractUnitTest { @Autowired private KeycloakGateway keycloakGateway; + @Autowired + private KeycloakUtils keycloakUtils; + @BeforeEach public void beforeEach() { genesis(); @@ -60,7 +64,7 @@ public class AuthenticationServiceIntegrationTest extends AbstractUnitTest { } catch (Exception e) { /* ignore */ } - keycloakGateway.createUser(USER_1_KEYCLOAK_SIGNUP_REQUEST); + keycloakUtils.createUser(USER_1_KEYCLOAK_SIGNUP_REQUEST); final User request = User.builder() .id(keycloakGateway.findByUsername(USER_1_USERNAME).getId()) .username(USER_1_USERNAME) 
@@ -70,20 +74,4 @@ public class AuthenticationServiceIntegrationTest extends AbstractUnitTest {
 authenticationService.delete(request);
 }
- @Test
- public void create_succeeds() throws EmailExistsException, UserExistsException,
- DataServiceConnectionException, AuthServiceException, AuthServiceConnectionException,
- CredentialsInvalidException {
-
- /* mock */
- try {
- keycloakGateway.deleteUser(keycloakGateway.findByUsername(USER_1_USERNAME).getId());
- } catch (Exception e) {
- /* ignore */
- }
-
- /* test */
- authenticationService.create(USER_1_SIGNUP_REQUEST_DTO);
- }
-
 }
diff --git a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/UserServicePersistenceTest.java b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/UserServicePersistenceTest.java
index 8724e08be1..e3c677c28e 100644
--- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/UserServicePersistenceTest.java
+++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/UserServicePersistenceTest.java
@@ -1,6 +1,5 @@
 package at.tuwien.service;
-import at.tuwien.api.auth.CreateUserDto;
 import at.tuwien.api.user.UserPasswordDto;
 import at.tuwien.api.user.UserUpdateDto;
 import at.tuwien.entities.user.User;
@@ -69,14 +68,9 @@ public class UserServicePersistenceTest extends AbstractUnitTest {
 @Test
 public void create_succeeds() throws UserExistsException, UserNotFoundException, EmailExistsException {
- final CreateUserDto request = CreateUserDto.builder()
- .username(USER_2_USERNAME)
- .password(USER_2_PASSWORD)
- .email(USER_2_EMAIL)
- .build();
 /* test */
- final User response = userService.create(request, USER_2_ID);
+ final User response = userService.create(USER_2_SIGNUP_REQUEST_DTO);
 assertEquals(USER_2_USERNAME, response.getUsername());
 }
@@ -109,11 +103,7 @@ public class UserServicePersistenceTest extends AbstractUnitTest {
 .build();
 /* mock */
- final User user = userService.create(CreateUserDto.builder()
- .username(USER_3_USERNAME)
- .password(USER_3_PASSWORD)
- .email(USER_3_EMAIL)
- .build(), USER_3_ID);
+ final User user = userService.create(USER_3_SIGNUP_REQUEST_DTO);
 /* test */
 userService.updatePassword(user, request);
@@ -151,20 +141,4 @@ public class UserServicePersistenceTest extends AbstractUnitTest {
 userService.validateUsernameNotExists(USER_1_USERNAME);
 });
 }
-
- @Test
- public void validateEmailNotExists_succeeds() throws EmailExistsException {
-
- /* test */
- userService.validateEmailNotExists(USER_2_EMAIL);
- }
-
- @Test
- public void validateEmailNotExists_fails() {
-
- /* test */
- assertThrows(EmailExistsException.class, () -> {
- userService.validateEmailNotExists(USER_1_EMAIL);
- });
- }
 }
diff --git a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/UserServiceUnitTest.java b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/UserServiceUnitTest.java
index a9fe4694cc..d4442c2916 100644
--- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/UserServiceUnitTest.java
+++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/service/UserServiceUnitTest.java
@@ -1,10 +1,10 @@
 package at.tuwien.service;
-import at.tuwien.test.AbstractUnitTest;
 import at.tuwien.entities.user.User;
 import at.tuwien.exception.*;
 import at.tuwien.gateway.KeycloakGateway;
 import at.tuwien.repository.UserRepository;
+import at.tuwien.test.AbstractUnitTest;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
@@ -86,14 +86,11 @@ public class UserServiceUnitTest extends AbstractUnitTest {
 .thenReturn(Optional.of(USER_1));
 when(userRepository.save(any(User.class)))
 .thenReturn(USER_1);
- doNothing()
- .when(keycloakGateway)
- .createUser(USER_1_KEYCLOAK_SIGNUP_REQUEST);
 when(keycloakGateway.findByUsername(USER_1_USERNAME))
 .thenReturn(USER_1_KEYCLOAK_DTO);
 /* test */
- final User response = userService.create(USER_1_SIGNUP_REQUEST_DTO, USER_1_ID);
+ final User response = userService.create(USER_1_SIGNUP_REQUEST_DTO);
 assertEquals(USER_1_ID, response.getId());
 assertEquals(USER_1_USERNAME, response.getUsername());
 }
diff --git a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/utils/KeycloakUtils.java b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/utils/KeycloakUtils.java
index f5ad18b694..ba83f3dbc6 100644
--- a/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/utils/KeycloakUtils.java
+++ b/dbrepo-metadata-service/rest-service/src/test/java/at/tuwien/utils/KeycloakUtils.java
@@ -1,12 +1,21 @@
 package at.tuwien.utils;
-import at.tuwien.exception.AuthServiceConnectionException;
-import at.tuwien.exception.AuthServiceException;
-import at.tuwien.exception.UserNotFoundException;
+import at.tuwien.api.auth.KeycloakErrorDto;
+import at.tuwien.api.keycloak.UserCreateDto;
+import at.tuwien.config.KeycloakConfig;
+import at.tuwien.exception.*;
 import at.tuwien.gateway.KeycloakGateway;
 import lombok.extern.log4j.Log4j2;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Component;
+import org.springframework.web.client.HttpClientErrorException;
+import org.springframework.web.client.HttpServerErrorException;
+import org.springframework.web.client.RestTemplate;
 import java.util.UUID;
@@ -14,15 +23,46 @@ import java.util.UUID;
 @Component
 public class KeycloakUtils {
- final static UUID realmId = UUID.fromString("82c39861-d877-4667-a0f3-4daa2ee230e0");
-
+ private final RestTemplate keycloakRestTemplate;
+ private final KeycloakConfig keycloakConfig;
 private final KeycloakGateway keycloakGateway;
 @Autowired
- public KeycloakUtils(KeycloakGateway keycloakGateway) {
+ public KeycloakUtils(@Qualifier("keycloakRestTemplate") RestTemplate keycloakRestTemplate, KeycloakConfig keycloakConfig,
+ KeycloakGateway keycloakGateway) {
+ this.keycloakRestTemplate = keycloakRestTemplate;
+ this.keycloakConfig = keycloakConfig;
 this.keycloakGateway = keycloakGateway;
 }
+ public void createUser(UserCreateDto data) throws AuthServiceException, AuthServiceConnectionException,
+ EmailExistsException, UserExistsException {
+ final String path = "/admin/realms/dbrepo/users";
+ log.trace("create user at endpoint {} with path {}", keycloakConfig.getKeycloakEndpoint(), path);
+ final ResponseEntity<Void> response;
+ try {
+ response = keycloakRestTemplate.exchange(path, HttpMethod.POST, new HttpEntity<>(data), Void.class);
+ } catch (HttpServerErrorException e) {
+ log.error("Failed to create user: {}", e.getMessage());
+ throw new AuthServiceConnectionException("Service unavailable", e);
+ } catch (HttpClientErrorException.Conflict e) {
+ if (e.getResponseBodyAsByteArray() != null && e.getResponseBodyAsByteArray().length > 0) {
+ final KeycloakErrorDto error = e.getResponseBodyAs(KeycloakErrorDto.class);
+ if (error != null && error.getErrorMessage().contains("same email")) {
+ log.error("Failed to create user: email exists: {}", e.getMessage());
+ throw new EmailExistsException("E-Mail exists", e);
+ }
+ }
+ log.error("Failed to create user: user exists: {}", e.getMessage());
+ throw new UserExistsException("User exists", e);
+ }
+ if (!response.getStatusCode().equals(HttpStatus.CREATED)) {
+ log.error("Failed to create user: unexpected status: {}", response.getStatusCode().value());
+ throw new AuthServiceException("Unexpected status: " + response.getStatusCode().value());
+ }
+ log.debug("Created user {} at auth service", data.getUsername());
+ }
+
 public void deleteUser(String username) throws AuthServiceException, AuthServiceConnectionException {
 try {
 final UUID userId = keycloakGateway.findByUsername(username).getId();
diff --git a/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/KeycloakGateway.java b/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/KeycloakGateway.java
index 94ea986f78..73f3a02bea 100644
--- a/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/KeycloakGateway.java
+++ b/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/KeycloakGateway.java
@@ -1,7 +1,6 @@
 package at.tuwien.gateway;
 import at.tuwien.api.keycloak.TokenDto;
-import at.tuwien.api.keycloak.UserCreateDto;
 import at.tuwien.api.keycloak.UserDto;
 import at.tuwien.api.user.UserPasswordDto;
 import at.tuwien.exception.*;
@@ -16,16 +15,6 @@ public interface KeycloakGateway {
 TokenDto refreshUserToken(String refreshToken) throws AuthServiceConnectionException, CredentialsInvalidException;
- /**
- * Creates a user at the Authentication Service with given credentials.
- *
- * @param data The user credentials.
- * @throws UserExistsException The user already exists at the Authentication Service.
- * @throws EmailExistsException The user email already exists in the metadata database.
- */
- void createUser(UserCreateDto data) throws AuthServiceException, AuthServiceConnectionException,
- EmailExistsException, UserExistsException;
-
 /**
 * Deletes a user at the Authentication Service with given user id.
 *
diff --git a/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/impl/KeycloakGatewayImpl.java b/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/impl/KeycloakGatewayImpl.java
index bce9d6e264..fc9afcb4b3 100644
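Review bot: In `KeycloakUtils.createUser`, `error.getErrorMessage().contains("same email")` dereferences the message without a null check, so a 409 body that deserialises without an error message ends in a NullPointerException rather than `UserExistsException`; `if (error != null && error.getErrorMessage() != null && error.getErrorMessage().contains("same email"))` keeps the fallback. Only `HttpServerErrorException` and `HttpClientErrorException.Conflict` are caught, so a 401 or 403 from the admin API, or a refused connection, leaves the helper as an unchecked exception that the declared `AuthService*` exceptions do not describe. Telling the two conflicts apart by a substring of the server's message also ties the helper to Keycloak's wording, which deserves a comment on that line.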
--- a/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/impl/KeycloakGatewayImpl.java
+++ b/dbrepo-metadata-service/services/src/main/java/at/tuwien/gateway/impl/KeycloakGatewayImpl.java
@@ -1,7 +1,9 @@
 package at.tuwien.gateway.impl;
 import at.tuwien.api.auth.KeycloakErrorDto;
-import at.tuwien.api.keycloak.*;
+import at.tuwien.api.keycloak.TokenDto;
+import at.tuwien.api.keycloak.UpdateCredentialsDto;
+import at.tuwien.api.keycloak.UserDto;
 import at.tuwien.api.user.UserPasswordDto;
 import at.tuwien.config.KeycloakConfig;
 import at.tuwien.exception.*;
@@ -106,35 +108,6 @@ public class KeycloakGatewayImpl implements KeycloakGateway {
 return response.getBody();
 }
- @Override
- public void createUser(UserCreateDto data) throws AuthServiceException, AuthServiceConnectionException,
- EmailExistsException, UserExistsException {
- final String path = "/admin/realms/dbrepo/users";
- log.trace("create user at endpoint {} with path {}", keycloakConfig.getKeycloakEndpoint(), path);
- final ResponseEntity<Void> response;
- try {
- response = keycloakRestTemplate.exchange(path, HttpMethod.POST, new HttpEntity<>(data), Void.class);
- } catch (HttpServerErrorException e) {
- log.error("Failed to create user: {}", e.getMessage());
- throw new AuthServiceConnectionException("Service unavailable", e);
- } catch (HttpClientErrorException.Conflict e) {
- if (e.getResponseBodyAsByteArray() != null && e.getResponseBodyAsByteArray().length > 0) {
- final KeycloakErrorDto error = e.getResponseBodyAs(KeycloakErrorDto.class);
- if (error != null && error.getErrorMessage().contains("same email")) {
- log.error("Failed to create user: email exists: {}", e.getMessage());
- throw new EmailExistsException("E-Mail exists", e);
- }
- }
- log.error("Failed to create user: user exists: {}", e.getMessage());
- throw new UserExistsException("User exists", e);
- }
- if (!response.getStatusCode().equals(HttpStatus.CREATED)) {
- log.error("Failed to create user: unexpected status: {}", response.getStatusCode().value());
- throw new AuthServiceException("Unexpected status: " + response.getStatusCode().value());
- }
- log.debug("Created user {} at auth service", data.getUsername());
- }
-
 @Override
 public void deleteUser(UUID id) throws AuthServiceException, AuthServiceConnectionException, UserNotFoundException {
 final String path = "/admin/realms/dbrepo/users/" + id;
diff --git a/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/AuthenticationService.java b/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/AuthenticationService.java
index a288d1d6e0..c946dac39a 100644
--- a/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/AuthenticationService.java
+++ b/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/AuthenticationService.java
@@ -1,7 +1,6 @@
 package at.tuwien.service;
 import at.tuwien.api.auth.LoginRequestDto;
-import at.tuwien.api.auth.CreateUserDto;
 import at.tuwien.api.keycloak.TokenDto;
 import at.tuwien.api.keycloak.UserDto;
 import at.tuwien.api.user.UserPasswordDto;
@@ -12,19 +11,6 @@ import java.util.UUID;
 public interface AuthenticationService {
- /**
- * Create a user at the Authentication Service with given credentials.
- *
- * @param data The credentials.
- * @return The user, if successful.
- * @throws UserExistsException The user already exists at the auth database.
- * @throws AuthServiceException The auth service responded with unexpected behavior.
- * @throws AuthServiceConnectionException The connection with the auth service could not be established.
- * @throws EmailExistsException The user email already exists in the metadata database.
- */
- UserDto create(CreateUserDto data) throws UserExistsException, AuthServiceException, AuthServiceConnectionException,
- EmailExistsException, CredentialsInvalidException;
-
 /**
 * Deletes a user at the Authentication Service with given user id.
 *
diff --git a/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/UserService.java b/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/UserService.java
index c2f57c4e53..28e8bb3c40 100644
--- a/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/UserService.java
+++ b/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/UserService.java
@@ -4,7 +4,6 @@ import at.tuwien.api.auth.CreateUserDto;
 import at.tuwien.api.user.UserPasswordDto;
 import at.tuwien.api.user.UserUpdateDto;
 import at.tuwien.entities.user.User;
-import at.tuwien.exception.EmailExistsException;
 import at.tuwien.exception.UserExistsException;
 import at.tuwien.exception.UserNotFoundException;
@@ -44,10 +43,9 @@ public interface UserService {
 * Creates a user in the metadata database managed by Keycloak in the given realm.
 *
 * @param data The user data.
- * @param id The user id.
 * @return The user, if successful.
 */
- User create(CreateUserDto data, UUID id);
+ User create(CreateUserDto data);
 /**
 * Updates the user information for a user with given id in the metadata database.
@@ -74,13 +72,5 @@ public interface UserService {
 */
 void validateUsernameNotExists(String username) throws UserExistsException;
- /**
- * Validates if a user with the given email already exists in the metadata database.
- *
- * @param email The email.
- * @throws EmailExistsException The user with this email already exists.
- */
- void validateEmailNotExists(String email) throws EmailExistsException;
-
 String getMariaDbPassword(String password);
 }
diff --git a/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/impl/AuthenticationServiceImpl.java b/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/impl/AuthenticationServiceImpl.java
index 24ebeb1665..112684c9aa 100644
--- a/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/impl/AuthenticationServiceImpl.java
+++ b/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/impl/AuthenticationServiceImpl.java
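Review bot: The Javadoc of `create` in `UserService` loses `@param id` but does not say where the id comes from now; the implementation in this commit takes it from `data.getLdapId()` and no longer reads a password from the DTO. I would extend the parameter line to `@param data The user data; the id of the new user is taken from its LDAP id.` and add a sentence that the MariaDB password is generated and has to be set by the user afterwards.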
@@ -1,14 +1,12 @@
 package at.tuwien.service.impl;
 import at.tuwien.api.auth.LoginRequestDto;
-import at.tuwien.api.auth.CreateUserDto;
 import at.tuwien.api.keycloak.TokenDto;
 import at.tuwien.api.keycloak.UserDto;
 import at.tuwien.api.user.UserPasswordDto;
 import at.tuwien.entities.user.User;
 import at.tuwien.exception.*;
 import at.tuwien.gateway.KeycloakGateway;
-import at.tuwien.mapper.MetadataMapper;
 import at.tuwien.service.AuthenticationService;
 import lombok.extern.log4j.Log4j2;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -20,26 +18,13 @@ import java.util.UUID;
 @Service
 public class AuthenticationServiceImpl implements AuthenticationService {
- private final MetadataMapper metadataMapper;
 private final KeycloakGateway keycloakGateway;
 @Autowired
- public AuthenticationServiceImpl(MetadataMapper metadataMapper, KeycloakGateway keycloakGateway) {
- this.metadataMapper = metadataMapper;
+ public AuthenticationServiceImpl(KeycloakGateway keycloakGateway) {
 this.keycloakGateway = keycloakGateway;
 }
- @Override
- public UserDto create(CreateUserDto data) throws UserExistsException, AuthServiceException,
- AuthServiceConnectionException, EmailExistsException, CredentialsInvalidException {
- keycloakGateway.createUser(metadataMapper.signupRequestDtoToUserCreateDto(data));
- try {
- return findByUsername(data.getUsername());
- } catch (UserNotFoundException e) {
- throw new AuthServiceException("Failed to find user in auth service", e);
- }
- }
-
 @Override
 public void delete(User user) throws AuthServiceException, AuthServiceConnectionException, UserNotFoundException, CredentialsInvalidException {
diff --git a/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/impl/UserServiceImpl.java b/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/impl/UserServiceImpl.java
index 042684f8c9..833c16c097 100644
--- a/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/impl/UserServiceImpl.java
+++ b/dbrepo-metadata-service/services/src/main/java/at/tuwien/service/impl/UserServiceImpl.java
@@ -3,15 +3,14 @@ package at.tuwien.service.impl;
 import at.tuwien.api.auth.CreateUserDto;
 import at.tuwien.api.user.UserPasswordDto;
 import at.tuwien.api.user.UserUpdateDto;
-import at.tuwien.config.KeycloakConfig;
 import at.tuwien.entities.user.User;
-import at.tuwien.exception.EmailExistsException;
 import at.tuwien.exception.UserExistsException;
 import at.tuwien.exception.UserNotFoundException;
 import at.tuwien.repository.UserRepository;
 import at.tuwien.service.UserService;
 import lombok.extern.log4j.Log4j2;
 import org.apache.commons.codec.digest.DigestUtils;
+import org.apache.commons.lang3.RandomStringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
@@ -24,12 +23,10 @@ import java.util.UUID;
 @Service
 public class UserServiceImpl implements UserService {
- private final KeycloakConfig keycloakConfig;
 private final UserRepository userRepository;
 @Autowired
- public UserServiceImpl(KeycloakConfig keycloakConfig, UserRepository userRepository) {
- this.keycloakConfig = keycloakConfig;
+ public UserServiceImpl(UserRepository userRepository) {
 this.userRepository = userRepository;
 }
@@ -64,15 +61,16 @@ public class UserServiceImpl implements UserService {
 }
 @Override
- public User create(CreateUserDto data, UUID id) {
+ public User create(CreateUserDto data) {
 /* create at authentication service */
 final User entity = User.builder()
- .id(id)
+ .id(data.getLdapId())
 .username(data.getUsername())
- .email(data.getEmail())
 .theme("light")
- .mariadbPassword(getMariaDbPassword(data.getPassword()))
+ .mariadbPassword(getMariaDbPassword(RandomStringUtils.randomAlphabetic(10))) /* user needs to set it later to access */
 .language("en")
+ .firstname(data.getGivenName())
+ .lastname(data.getFamilyName())
 .isInternal(false)
 .build();
 /* create at metadata database */
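Review bot: The placeholder in `create`, `getMariaDbPassword(RandomStringUtils.randomAlphabetic(10))`, is only ten letters (roughly 57 bits), and whether `RandomStringUtils` draws from a cryptographic generator depends on the commons-lang3 version in use. The test fixtures store this value in the `*` plus 40 hex digits form, which is presumably a fast, unsalted hash, so if it is provisioned to MariaDB before the user sets a password, the random string is a live credential. I would take it from `SecureRandom` instead: `final byte[] seed = new byte[32];`, `new SecureRandom().nextBytes(seed);`, then `.mariadbPassword(getMariaDbPassword(Base64.getEncoder().encodeToString(seed)))`. The entity id now comes from `data.getLdapId()`, so it is worth confirming that only the system account can reach this path. The body of `create` continues past the end of the hunk.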
@@ -110,13 +108,6 @@ public class UserServiceImpl implements UserService {
 }
 }
- @Override
- public void validateEmailNotExists(String email) throws EmailExistsException {
- if (userRepository.existsByEmail(email)) {
- throw new EmailExistsException("User with email " + email + " already exists");
- }
- }
-
 @Override
 public String getMariaDbPassword(String password) {
 final byte[] utf8 = password.getBytes(StandardCharsets.UTF_8);
diff --git a/dbrepo-metadata-service/test/src/main/java/at/tuwien/test/BaseTest.java b/dbrepo-metadata-service/test/src/main/java/at/tuwien/test/BaseTest.java
index 5c60849dc1..00365c5ee8 100644
--- a/dbrepo-metadata-service/test/src/main/java/at/tuwien/test/BaseTest.java
+++ b/dbrepo-metadata-service/test/src/main/java/at/tuwien/test/BaseTest.java
@@ -446,7 +446,6 @@ public abstract class BaseTest {
 public final static String USER_LOCAL_ADMIN_THEME = "dark";
 public final static Boolean USER_LOCAL_ADMIN_IS_INTERNAL = true;
 public final static Boolean USER_LOCAL_ADMIN_ENABLED = true;
- public final static String USER_LOCAL_ADMIN_EMAIL = "admin@local";
 @SuppressWarnings("java:S2068")
 public final static String USER_LOCAL_ADMIN_MARIADB_PASSWORD = "*440BA4FD1A87A0999647DB67C0EE258198B247BA";
@@ -465,7 +464,6 @@ public abstract class BaseTest {
 public final static User USER_LOCAL = User.builder()
 .id(USER_LOCAL_ADMIN_ID)
 .username(USER_LOCAL_ADMIN_USERNAME)
- .email(USER_LOCAL_ADMIN_EMAIL)
 .mariadbPassword(USER_LOCAL_ADMIN_MARIADB_PASSWORD)
 .theme(USER_LOCAL_ADMIN_THEME)
 .isInternal(USER_LOCAL_ADMIN_IS_INTERNAL)
@@ -475,8 +473,7 @@ public abstract class BaseTest {
 USER_LOCAL_ADMIN_PASSWORD, USER_LOCAL_ADMIN_DETAILS.getAuthorities());
 public final static UUID USER_1_ID = UUID.fromString("cd5bab0d-7799-4069-85fb-c5d738572a0b");
- public final static UUID USER_1_LDAP_ID = UUID.fromString("cd5bab0d-7799-4069-85fb-c5d738572a0b");
- public final static String USER_1_EMAIL = "john.doe@example.com";
+ public final static UUID USER_1_KEYCLOAK_ID = UUID.fromString("cd5bab0d-7799-4069-85fb-c5d738572a0b");
 public final static String USER_1_USERNAME = "junit1";
 @SuppressWarnings("java:S2068")
 public final static String USER_1_PASSWORD = "junit1";
@@ -530,7 +527,6 @@ public abstract class BaseTest {
 public final static UserCreateDto USER_1_KEYCLOAK_SIGNUP_REQUEST = UserCreateDto.builder()
 .username(USER_1_USERNAME)
- .email(USER_1_EMAIL)
 .enabled(USER_1_ENABLED)
 .credentials(new LinkedList<>(List.of(USER_1_KEYCLOAK_CREDENTIAL_1)))
 .attributes(UserCreateAttributesDto.builder()
@@ -540,7 +536,6 @@ public abstract class BaseTest {
 public final static UserCreateDto USER_LOCAL_KEYCLOAK_SIGNUP_REQUEST = UserCreateDto.builder()
 .username(USER_LOCAL_ADMIN_USERNAME)
- .email(USER_LOCAL_ADMIN_EMAIL)
 .enabled(USER_LOCAL_ADMIN_ENABLED)
 .credentials(new LinkedList<>(List.of(USER_LOCAL_KEYCLOAK_CREDENTIAL_1)))
 .groups(new LinkedList<>(List.of("system")))
@@ -552,7 +547,6 @@ public abstract class BaseTest {
 public final static User USER_1 = User.builder()
 .id(USER_1_ID)
 .username(USER_1_USERNAME)
- .email(USER_1_EMAIL)
 .firstname(USER_1_FIRSTNAME)
 .lastname(USER_1_LASTNAME)
 .affiliation(USER_1_AFFILIATION)
@@ -589,13 +583,12 @@ public abstract class BaseTest {
 public final static at.tuwien.api.keycloak.UserDto USER_1_KEYCLOAK_DTO = at.tuwien.api.keycloak.UserDto.builder()
 .id(USER_1_ID)
 .username(USER_1_USERNAME)
- .email(USER_1_EMAIL)
 .emailVerified(USER_1_VERIFIED)
 .notBefore(USER_1_NOT_BEFORE)
 .totp(USER_1_TOTP)
 .attributes(at.tuwien.api.keycloak.UserAttributesDto.builder()
 .ldapEntryDn(new String[]{"cn=" + USER_1_USERNAME + ",dn=dbrepo,dn=at"})
- .ldapId(new UUID[]{USER_1_LDAP_ID})
+ .ldapId(new UUID[]{USER_1_KEYCLOAK_ID})
 .build())
 .build();
@@ -612,7 +605,6 @@ public abstract class BaseTest {
 public final static UserDetails USER_1_DETAILS = UserDetailsDto.builder()
 .id(USER_1_ID.toString())
 .username(USER_1_USERNAME)
- .email(USER_1_EMAIL)
 .password(USER_1_PASSWORD)
 .authorities(AUTHORITY_DEFAULT_RESEARCHER_AUTHORITIES)
 .build();
@@ -621,9 +613,9 @@ public abstract class BaseTest {
 USER_1_PASSWORD, USER_1_DETAILS.getAuthorities());
 public final static CreateUserDto USER_1_SIGNUP_REQUEST_DTO = CreateUserDto.builder()
+ .id(USER_1_KEYCLOAK_ID)
+ .ldapId(USER_1_ID)
 .username(USER_1_USERNAME)
- .password(USER_1_PASSWORD)
- .email(USER_1_EMAIL)
 .build();
 public final static LoginRequestDto USER_1_LOGIN_REQUEST_DTO = LoginRequestDto.builder()
@@ -632,7 +624,7 @@ public abstract class BaseTest {
 .build();
 public final static UUID USER_2_ID = UUID.fromString("eeb9a51b-4cd8-4039-90bf-e24f17372f7c");
- public final static UUID USER_2_LDAP_ID = UUID.fromString("eeb9a51b-4cd8-4039-90bf-e24f17372f7c");
+ public final static UUID USER_2_KEYCLOAK_ID = UUID.fromString("eeb9a51b-4cd8-4039-90bf-e24f17372f7c");
 public final static String USER_2_EMAIL = "jane.doe@example.com";
 public final static String USER_2_USERNAME = "junit2";
 public final static String USER_2_FIRSTNAME = "Jane";
@@ -667,7 +659,6 @@ public abstract class BaseTest {
 public final static User USER_2 = User.builder()
 .id(USER_2_ID)
 .username(USER_2_USERNAME)
- .email(USER_2_EMAIL)
 .firstname(USER_2_FIRSTNAME)
 .lastname(USER_2_LASTNAME)
 .affiliation(USER_2_AFFILIATION)
@@ -699,28 +690,21 @@ public abstract class BaseTest {
 .build();
 public final static CreateUserDto USER_2_SIGNUP_REQUEST_DTO = CreateUserDto.builder()
+ .id(USER_2_KEYCLOAK_ID)
+ .ldapId(USER_2_ID)
 .username(USER_2_USERNAME)
- .password(USER_2_PASSWORD)
 .email(USER_2_EMAIL)
+ .givenName(USER_2_FIRSTNAME)
+ .familyName(USER_2_LASTNAME)
 .build();
 public final static UserDetails USER_2_DETAILS = UserDetailsDto.builder()
 .id(USER_2_ID.toString())
 .username(USER_2_USERNAME)
- .email(USER_2_EMAIL)
 .password(USER_2_PASSWORD)
 .authorities(AUTHORITY_DEFAULT_RESEARCHER_AUTHORITIES)
 .build();
- public final static at.tuwien.api.keycloak.UserDto USER_2_KEYCLOAK_DTO = at.tuwien.api.keycloak.UserDto.builder()
- .id(USER_2_ID)
- .username(USER_2_USERNAME)
- .email(USER_2_EMAIL)
- .emailVerified(USER_2_VERIFIED)
- .notBefore(USER_2_NOT_BEFORE)
- .totp(USER_2_TOTP)
- .build();
-
 public final static at.tuwien.api.amqp.UserDetailsDto USER_2_DETAILS_DTO = at.tuwien.api.amqp.UserDetailsDto.builder()
 .name(USER_2_USERNAME)
 .tags(new String[]{})
@@ -730,7 +714,7 @@ public abstract class BaseTest {
 USER_2_PASSWORD, USER_2_DETAILS.getAuthorities());
 public final static UUID USER_3_ID = UUID.fromString("7b080e33-d8db-4276-9d53-47208e657006");
- public final static UUID USER_3_LDAP_ID = UUID.fromString("7b080e33-d8db-4276-9d53-47208e657006");
+ public final static UUID USER_3_KEYCLOAK_ID = UUID.fromString("b0108bc3-95aa-4a3f-8868-dc301286aeca");
 public final static String USER_3_USERNAME = "junit3";
 public final static String USER_3_FIRSTNAME = "System";
 public final static String USER_3_LASTNAME = "System";
@@ -763,7 +747,6 @@ public abstract class BaseTest {
 public final static User USER_3 = User.builder()
 .id(USER_3_ID)
 .username(USER_3_USERNAME)
- .email(USER_3_EMAIL)
 .firstname(USER_3_FIRSTNAME)
 .lastname(USER_3_LASTNAME)
 .affiliation(USER_3_AFFILIATION)
@@ -795,11 +778,16 @@ public abstract class BaseTest {
 public final static UserDetails USER_3_DETAILS = UserDetailsDto.builder()
 .id(USER_3_ID.toString())
 .username(USER_3_USERNAME)
- .email(USER_3_EMAIL)
 .password(USER_3_PASSWORD)
 .authorities(AUTHORITY_DEFAULT_RESEARCHER_AUTHORITIES)
 .build();
+ public final static CreateUserDto USER_3_SIGNUP_REQUEST_DTO = CreateUserDto.builder()
+ .id(USER_3_KEYCLOAK_ID)
+ .ldapId(USER_3_ID)
+ .username(USER_3_USERNAME)
+ .build();
+
 public final static at.tuwien.api.keycloak.UserDto USER_3_KEYCLOAK_DTO = at.tuwien.api.keycloak.UserDto.builder()
 .id(USER_3_ID)
 .username(USER_3_USERNAME)
@@ -818,7 +806,7 @@ public abstract class BaseTest {
 .build();
 public final static UUID USER_4_ID = UUID.fromString("791d58c5-bfab-4520-b4fc-b44d4ab9feb0");
- public final static UUID USER_4_LDAP_ID = UUID.fromString("791d58c5-bfab-4520-b4fc-b44d4ab9feb0");
+ public final static UUID USER_4_KEYCLOAK_ID = UUID.fromString("25040ad3-6d57-4052-b357-6b4c8a6e7f4d");
 public final static String USER_4_USERNAME = "junit4";
 public final static String USER_4_FIRSTNAME = "JUnit";
 public final static String USER_4_LASTNAME = "4";
@@ -830,7 +818,6 @@ public abstract class BaseTest {
 @SuppressWarnings("java:S2068")
 public final static String USER_4_DATABASE_PASSWORD = "*C20EF5C6875857DEFA9BE6E9B62DD76AAAE51882" /* junit4 */;
 public final static String USER_4_QUALIFIED_NAME = USER_4_FIRSTNAME + " " + USER_4_LASTNAME + " — @" + USER_4_USERNAME;
- public final static String USER_4_EMAIL = "junit4@ossdip.at";
 public final static Boolean USER_4_VERIFIED = true;
 public final static Boolean USER_4_ENABLED = true;
 public final static Boolean USER_4_IS_INTERNAL = false;
@@ -848,7 +835,6 @@ public abstract class BaseTest {
 public final static User USER_4 = User.builder()
 .id(USER_4_ID)
 .username(USER_4_USERNAME)
- .email(USER_4_EMAIL)
 .firstname(USER_4_FIRSTNAME)
 .lastname(USER_4_LASTNAME)
 .affiliation(USER_4_AFFILIATION)
@@ -880,7 +866,6 @@ public abstract class BaseTest {
 public final static UserDetails USER_4_DETAILS = UserDetailsDto.builder()
 .id(USER_4_ID.toString())
 .username(USER_4_USERNAME)
- .email(USER_4_EMAIL)
 .password(USER_4_PASSWORD)
 .authorities(new LinkedList<>())
 .build();
@@ -901,7 +886,6 @@ public abstract class BaseTest {
 @SuppressWarnings("java:S2068")
 public final static String USER_5_DATABASE_PASSWORD = "*C20EF5C6875857DEFA9BE6E9B62DD76AAAE51882" /* junit5 */;
 public final static String USER_5_QUALIFIED_NAME = USER_5_FIRSTNAME + " " + USER_5_LASTNAME + " — @" + USER_5_USERNAME;
- public final static String USER_5_EMAIL = "system@ossdip.at";
 public final static Boolean USER_5_VERIFIED = true;
 public final static Boolean USER_5_ENABLED = true;
 public final static Boolean USER_5_IS_INTERNAL = false;
@@ -936,7 +920,6 @@ public abstract class BaseTest {
 public final static UserDetails USER_5_DETAILS = UserDetailsDto.builder()
 .id(USER_5_ID.toString())
 .username(USER_5_USERNAME)
- .email(USER_5_EMAIL)
 .password(USER_5_PASSWORD)
 .authorities(AUTHORITY_DEFAULT_DEVELOPER_AUTHORITIES)
 .build();
@@ -947,7 +930,6 @@ public abstract class BaseTest {
 public final static User USER_5 = User.builder()
 .id(USER_5_ID)
 .username(USER_5_USERNAME)
- .email(USER_5_EMAIL)
 .firstname(USER_5_FIRSTNAME)
 .lastname(USER_5_LASTNAME)
 .affiliation(USER_5_AFFILIATION)
@@ -967,7 +949,6 @@ public abstract class BaseTest {
 public final static String USER_6_PASSWORD = "junit5";
 @SuppressWarnings("java:S2068")
 public final static String USER_6_DATABASE_PASSWORD = "*C20EF5C6875857DEFA9BE6E9B62DD76AAAE51882" /* junit5 */;
- public final static String USER_6_EMAIL = "system@ossdip.at";
 public final static Boolean USER_6_VERIFIED = true;
 public final static Boolean USER_6_ENABLED = true;
 public final static Boolean USER_6_IS_INTERNAL = false;
@@ -985,7 +966,6 @@ public abstract class BaseTest {
 public final static UserDetails USER_6_DETAILS = UserDetailsDto.builder()
 .id(USER_6_ID.toString())
 .username(USER_6_USERNAME)
- .email(USER_6_EMAIL)
 .password(USER_6_PASSWORD)
 .authorities(AUTHORITY_DEFAULT_RESEARCHER_AUTHORITIES)
 .build();
diff --git a/docker-compose.yml b/docker-compose.yml
index 0f2f7f84b1..ef7e6a8a32 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -85,7 +85,7 @@ services:
 - ./dbrepo-auth-service/import-realms.sh:/docker-entrypoint-initdb.d/import-realms.sh
 - ./dbrepo-auth-service/master-realm.json:/opt/keycloak/data/import/master-realm.json
 - ./dbrepo-auth-service/dbrepo-realm.json:/opt/keycloak/data/import/dbrepo-realm.json
- - ./dbrepo-auth-service/create-event-listener/create-event-listener.jar:/opt/bitnami/keycloak/providers/create-event-listener.jar
+ - ./dbrepo-auth-service/listeners/target/create-event-listener.jar:/opt/bitnami/keycloak/providers/create-event-listener.jar
 ports:
 - "8080:8080"
 environment:
@@ -95,7 +95,9 @@ services:
 KEYCLOAK_DATABASE_NAME: "${AUTH_DB_NAME:-keycloak}"
 KEYCLOAK_DATABASE_USER: "${AUTH_DB_USERNAME:-keycloak}"
 KEYCLOAK_DATABASE_PASSWORD: "${AUTH_DB_PASSWORD:-dbrepo}"
- WEBHOOK_URL: https://webhook.site/a3349f41-ebfd-443a-bd06-a0d9c503e76c
+ METADATA_SERVICE_ENDPOINT: "${METADATA_SERVICE_ENDPOINT:-http://metadata-service:8080}/api/user"
+ SYSTEM_USERNAME: "${SYSTEM_USERNAME:-admin}"
+ SYSTEM_PASSWORD: "${SYSTEM_PASSWORD:-admin}"
 healthcheck:
 test: curl -fsS http://localhost:8080/realms/master
 interval: 10s
-- GitLab
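Review bot: `SYSTEM_USERNAME` and `SYSTEM_PASSWORD` fall back to `admin`/`admin` when the variables are unset, so a deployment started from this file without its own environment runs the Keycloak container with a well-known credential, presumably the one the event listener presents to the metadata service's `/api/user` endpoint. Compose can refuse to start instead: `SYSTEM_PASSWORD: "${SYSTEM_PASSWORD:?SYSTEM_PASSWORD must be set}"`, and the same for the username if it should not default. The default `METADATA_SERVICE_ENDPOINT` is plain `http://`, which presumably stays inside the compose network; that assumption deserves a comment next to the variable.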