diff --git a/admin/docker/requirements.pip3 b/admin/docker/requirements.pip3
index 1ca641a..76b9c90 100644
--- a/admin/docker/requirements.pip3
+++ b/admin/docker/requirements.pip3
@@ -1,3 +1,4 @@
+python-keycloak==0.24.0
 bcrypt==3.1.7
 cffi==1.14.0
 click==7.1.2
diff --git a/admin/src/tests/__pycache__/keycloak_client_exc.cpython-38.pyc b/admin/src/tests/__pycache__/keycloak_client_exc.cpython-38.pyc
new file mode 100644
index 0000000..59e37c4
Binary files /dev/null and b/admin/src/tests/__pycache__/keycloak_client_exc.cpython-38.pyc differ
diff --git a/admin/src/tests/keycloak_client.py b/admin/src/tests/keycloak_client.py
new file mode 100644
index 0000000..9a1912e
--- /dev/null
+++ b/admin/src/tests/keycloak_client.py
@@ -0,0 +1,102 @@
+import os,time,requests,json,getpass,pprint
+import traceback
+
+from keycloak_client_exc import *
+
+class ApiClient():
+ def __init__(self,realm='master'):
+ ##server=os.environ['KEYCLOAK_HOST']
+ server='isard-sso-keycloak'
+ self.base_url="http://"+server+":8080/auth/realms/"+realm
+ self.headers={"Content-Type": "application/x-www-form-urlencoded"}
+ self.payload={'username':'admin',
+ 'password':'keycloakkeycloak',
+ 'grant_type':'password',
+ 'client_id':'admin-cli'}
+ self.token=self.get_token()
+ self.admin_url="http://"+server+":8080/auth/admin/realms/"+realm
+ # /admin/realms/${KEYCLOAK_REALM}/users/${$USER_ID}"
+ self.admin_headers={"Accept": "application/json",
+ "Authorization": "Bearer "+self.token}
+
+ def get_token(self):
+ path="/protocol/openid-connect/token"
+ resp = requests.post(self.base_url+path, data=self.payload, headers=self.headers)
+ if resp.status_code == 200: return json.loads(resp.text)['access_token']
+ print(" URL: "+self.base_url+path)
+ print("STATUS CODE: "+str(resp.status_code))
+ print(" RESPONSE: "+resp.text)
+ exit(1)
+
+ def get(self,path,status_code=200,data={},params={}):
+ resp = requests.get(self.admin_url+path, data=data, params=params, headers=self.admin_headers)
+ if resp.status_code == status_code: return json.loads(resp.text)
+ print(" URL: "+self.admin_url+path)
+ print("STATUS CODE: "+str(resp.status_code))
+ print(" RESPONSE: "+resp.text)
+ raise
+
+ def post(self,path,status_code=200,data={},params={},json={}):
+ resp = requests.post(self.admin_url+path, data=data, params=params, json=json, headers=self.admin_headers)
+ #if resp.status_code == status_code: return True
+ print(" URL: "+self.admin_url+path)
+ print("STATUS CODE: "+str(resp.status_code))
+ print(" RESPONSE: "+resp.text)
+ if resp.status_code == 409: raise keycloakUsernameEmailExists
+ raise keycloakError
+
+class KeycloakClient():
+ def __init__(self,realm='master'):
+ ## REFERENCE: https://www.keycloak.org/docs-api/13.0/rest-api/index.html
+ self.api=ApiClient()
+
+ def get_users(self,username=False,exact=True):
+ path='/users'
+ if not username: return self.api.get(path)
+ return self.api.get(path,params={"username":username,'exact':exact})
+
+ def add_user(self,username,first,last,email,password):
+ user={"firstName":first,
+ "lastName":last,
+ "email":last,
+ "enabled":"true",
+ "username":username,
+ "credentials":[{"type":"password",
+ "value":password,
+ "temporary":False}]}
+ try:
+ self.api.post('/users',status_code=201,json=user)
+ return True
+ except keycloakExists:
+ print('Username or email already exists')
+ except:
+ traceback.format_exc()
+ return False
+
+ def get_groups(self,name=False):
+ path='/groups'
+ if not name: return self.api.get(path)
+ return self.api.get(path,params={"name":name})
+
+ def add_group(self,name,subgroups=False):
+ group={"name":name}
+ try:
+ self.api.post('/groups',status_code=201,json=group)
+ return True
+ except keycloakExists:
+ print('Group name already exists')
+ except:
+ traceback.format_exc()
+ return False
+
+kapi=KeycloakClient()
+# print('GET USERS')
+# pprint.pprint(kapi.get_users())
+# print('GET ADMIN USER')
+# pprint.pprint(kapi.get_users(username='admin'))
+# print('ADD USER')
+# print(kapi.add_user('pepito','Pepito','Grillo','info@info.com','añlsdkjf'))
+# print('GET GROUPS')
+# pprint.pprint(kapi.get_groups())
+print('ADD GROUP')
+pprint.pprint(kapi.add_group('pepito'))
\ No newline at end of file
diff --git a/admin/src/tests/keycloak_client_exc.py b/admin/src/tests/keycloak_client_exc.py
new file mode 100644
index 0000000..21d9b7c
--- /dev/null
+++ b/admin/src/tests/keycloak_client_exc.py
@@ -0,0 +1,5 @@
+class keycloakError(Exception):
+ pass
+
+class keycloakExists(Exception):
+ pass
diff --git a/config/dd.sh b/config/dd.sh
index 71c5fc8..231cf01 100644
--- a/config/dd.sh
+++ b/config/dd.sh
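Review bot: The Keycloak admin password is committed in clear text in `self.payload` (`'password':'keycloakkeycloak'`) while the `os.environ['KEYCLOAK_HOST']` lookup just above it is commented out; host and credentials belong in the environment, e.g. `'username':os.environ['KEYCLOAK_USER'], 'password':os.environ['KEYCLOAK_PASSWORD']`, reusing the variable names dd.sh already relies on, so the secret never enters the repository. `post` can never report success because its `if resp.status_code == status_code: return True` is commented out, and its 409 branch raises `keycloakUsernameEmailExists`, a name keycloak_client_exc.py in this commit does not define (it defines `keycloakError` and `keycloakExists`), so a duplicate user ends in a NameError that the `except keycloakExists` handlers in `add_user` and `add_group` never see; `get` ends in a bare `raise` with no active exception, which is a RuntimeError rather than a project error. In `add_user` the payload sets `"email":last` instead of the `email` parameter, and the bare `except:` branches call `traceback.format_exc()` without printing or logging the result, so failures are silent. The mutable defaults `data={},params={},json={}` should be `None`, and the module-level `kapi=KeycloakClient()` plus `kapi.add_group('pepito')` at the bottom run on import (probably how the `__pycache__/keycloak_client_exc.cpython-38.pyc` in the same change was produced; it should not be committed). The rewrite below sources the credentials from the environment and restores `post`'s success path with the exception the callers actually catch.
```python
class ApiClient():
    def __init__(self,realm='master'):
        server=os.environ['KEYCLOAK_HOST']
        self.base_url="http://"+server+":8080/auth/realms/"+realm
        self.headers={"Content-Type": "application/x-www-form-urlencoded"}
        # Admin credentials come from the environment, never from source control.
        self.payload={'username':os.environ['KEYCLOAK_USER'],
                      'password':os.environ['KEYCLOAK_PASSWORD'],
                      'grant_type':'password',
                      'client_id':'admin-cli'}
        # … unchanged: token fetch, admin_url and admin_headers …

    # … unchanged: get_token, get …

    def post(self,path,status_code=200,data=None,params=None,json=None):
        resp = requests.post(self.admin_url+path, data=data, params=params, json=json, headers=self.admin_headers)
        if resp.status_code == status_code: return True
        print("        URL: "+self.admin_url+path)
        print("STATUS CODE: "+str(resp.status_code))
        print("   RESPONSE: "+resp.text)
        # 409 is what the callers' `except keycloakExists` handlers expect.
        if resp.status_code == 409: raise keycloakExists
        raise keycloakError
```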
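Review bot: `keycloakExists` derives from `Exception` directly rather than from `keycloakError`, so a caller that catches the module's base error still misses the duplicate case and has to list both; `class keycloakExists(keycloakError): pass` gives one root to catch. Exception class names should be PascalCase (`KeycloakError`, `KeycloakExists`) per PEP 8, and since keycloak_client.py pulls this module in with `from keycloak_client_exc import *`, an `__all__ = ["keycloakError", "keycloakExists"]` would make exactly what that star import brings into scope explicit.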
@@ -8,9 +8,18 @@ docker exec -i isard-sso-keycloak sh -c '/opt/jboss/keycloak/bin/kcadm.sh \ /opt/jboss/keycloak/bin/kcadm.sh \ get realms/master' > keycloak/realm.json -echo "Dump realm.json" +echo "Dump clients.json" docker exec -i isard-sso-keycloak sh -c '/opt/jboss/keycloak/bin/kcadm.sh \ config credentials --server http://localhost:8080/auth \ --realm master --user $KEYCLOAK_USER --password $KEYCLOAK_PASSWORD &> /dev/null && \ /opt/jboss/keycloak/bin/kcadm.sh \ - get realms/master' > keycloak/realm.json \ No newline at end of file + get clients' > keycloak/clients.json + +kcadm.sh create realms -f - << EOF +{ "realm": "demorealm", "enabled": true } +EOF + + +### NEW + +./kcadm.sh update realms/master -f realm.json \ No newline at end of file diff --git a/isard-sso b/isard-sso index 174a6d3..790afd2 160000 --- a/isard-sso +++ b/isard-sso @@ -1 +1 @@ -Subproject commit 174a6d3ae524f08d72056b571fd41a6975cb8cf1 +Subproject commit 790afd2a9c70618e422b0e69ffa702f80a4ee1a6 diff --git a/scripts/keycloak/templates/clients.json b/scripts/keycloak/templates/clients.json deleted file mode 100644 index 841e07e..0000000 --- a/scripts/keycloak/templates/clients.json +++ /dev/null 
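Review bot: The two new `kcadm.sh` invocations run on the host rather than through `docker exec -i isard-sso-keycloak` like the commands above them, and neither runs `config credentials` first, so unless a host-side kcadm.sh with a saved session already exists they will fail; the second also uses `./kcadm.sh` and `realm.json` where the rest of the script uses the container path and `keycloak/realm.json`. Wrapping both in the same `docker exec ... sh -c '... config credentials ... && /opt/jboss/keycloak/bin/kcadm.sh create realms -f -'` form would keep the script consistent, with the heredoc fed to the container's stdin. `./kcadm.sh update realms/master -f realm.json` under `### NEW` overwrites the master realm from a previously dumped file, which is a write in a script that otherwise only exports; if that is intentional, a comment saying when it is safe to run (and that it replaces the current master realm settings) would prevent an accidental rollback of the live configuration.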
@@ -1,286 +0,0 @@ -[ { - "id" : "a92d5417-92b6-4678-9cb9-51bc0edcee8c", - "clientId" : "https://moodle.[[DOMAIN]]/auth/saml2/sp/metadata.php", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "https://moodle.[[DOMAIN]]/auth/saml2/sp/saml2-acs.php/moodle.[[DOMAIN]]" ], - "webOrigins" : [ "https://moodle.[[DOMAIN]]" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : true, - "protocol" : "saml", - "attributes" : { - "saml.force.post.binding" : "true", - "saml.encrypt" : "true", - "saml_assertion_consumer_url_post" : "https://moodle.[[DOMAIN]]/auth/saml2/sp/saml2-acs.php/moodle.[[DOMAIN]]", - "saml.server.signature" : "true", - "saml.server.signature.keyinfo.ext" : "false", - "saml.signing.certificate" : "[[SIGNING_CERTIFICATE]]", - "saml_single_logout_service_url_redirect" : "https://moodle.[[DOMAIN]]/auth/saml2/sp/saml2-logout.php/moodle.[[DOMAIN]]", - "saml.signature.algorithm" : "RSA_SHA256", - "saml_force_name_id_format" : "false", - "saml.client.signature" : "true", - "saml.encryption.certificate" : "[[ENCRYPTION_CERTIFICATE]]", - "saml.authnstatement" : "true", - "saml_name_id_format" : "username", - "saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "protocolMappers" : [ { - "id" : "9296daa3-4fc4-4b80-b007-5070f546ae13", - "name" : "X500 surname", - "protocol" : "saml", - "protocolMapper" : "saml-user-property-mapper", - "consentRequired" : false, - "config" : { - "attribute.nameformat" : "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", - "user.attribute" : "lastName", - "friendly.name" : 
"surname", - "attribute.name" : "urn:oid:2.5.4.4" - } - }, { - "id" : "ccecf6e4-d20a-4211-b67c-40200a6b2c5d", - "name" : "username", - "protocol" : "saml", - "protocolMapper" : "saml-user-property-mapper", - "consentRequired" : false, - "config" : { - "attribute.nameformat" : "Basic", - "user.attribute" : "username", - "friendly.name" : "username", - "attribute.name" : "username" - } - }, { - "id" : "53858403-eba2-4f6d-81d0-cced700b5719", - "name" : "X500 givenName", - "protocol" : "saml", - "protocolMapper" : "saml-user-property-mapper", - "consentRequired" : false, - "config" : { - "attribute.nameformat" : "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", - "user.attribute" : "firstName", - "friendly.name" : "givenName", - "attribute.name" : "urn:oid:2.5.4.42" - } - }, { - "id" : "20034db5-1d0e-4e66-b815-fb0440c6d1e2", - "name" : "X500 email", - "protocol" : "saml", - "protocolMapper" : "saml-user-property-mapper", - "consentRequired" : false, - "config" : { - "attribute.nameformat" : "urn:oasis:names:tc:SAML:2.0:attrname-format:uri", - "user.attribute" : "email", - "friendly.name" : "email", - "attribute.name" : "urn:oid:1.2.840.113549.1.9.1" - } - } ], - "defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ], - "access" : { - "view" : true, - "configure" : true, - "manage" : true - } -}, { - "id" : "bef873f0-2079-4876-8657-067de27d01b7", - "clientId" : "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/metadata", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/acs" ], - "webOrigins" : [ "https://nextcloud.[[DOMAIN]]" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : 
false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : true, - "protocol" : "saml", - "attributes" : { - "saml.assertion.signature" : "true", - "saml.force.post.binding" : "true", - "saml_assertion_consumer_url_post" : "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/acs", - "saml.server.signature" : "true", - "saml.server.signature.keyinfo.ext" : "false", - "saml.signing.certificate" : "[[SIGNING_CERTIFICATE]]", - "saml_single_logout_service_url_redirect" : "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/sls", - "saml.signature.algorithm" : "RSA_SHA256", - "saml_force_name_id_format" : "false", - "saml.client.signature" : "true", - "saml.authnstatement" : "true", - "saml_name_id_format" : "username", - "saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "protocolMappers" : [ { - "id" : "e8e4acff-da2b-46aa-8bdb-ba42171671d6", - "name" : "username", - "protocol" : "saml", - "protocolMapper" : "saml-user-attribute-mapper", - "consentRequired" : false, - "config" : { - "attribute.nameformat" : "Basic", - "user.attribute" : "username", - "friendly.name" : "username", - "attribute.name" : "username" - } - }, { - "id" : "28206b59-757b-4e3c-81cb-0b6053b1fd3d", - "name" : "email", - "protocol" : "saml", - "protocolMapper" : "saml-user-property-mapper", - "consentRequired" : false, - "config" : { - "attribute.nameformat" : "Basic", - "user.attribute" : "email", - "friendly.name" : "email", - "attribute.name" : "email" - } - }, { - "id" : "e51e04b9-f71a-42de-819e-dd9285246ada", - "name" : "Roles", - "protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", - "consentRequired" : false, - "config" : { - "single" : "true", - "attribute.nameformat" : "Basic", - "friendly.name" : "Roles", - "attribute.name" : "Roles" - } - } ], - "defaultClientScopes" : [ "web-origins", 
"role_list", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ], - "access" : { - "view" : true, - "configure" : true, - "manage" : true - } -}, { - "id" : "78a85fd1-869d-4ba4-8391-5708f7d1abe6", - "clientId" : "master-realm", - "name" : "master Realm", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ ], - "webOrigins" : [ ], - "notBefore" : 0, - "bearerOnly" : true, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : false, - "attributes" : { }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : 0, - "defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ], - "access" : { - "view" : true, - "configure" : true, - "manage" : true - } -}, { - "id" : "630601f8-25d1-4822-8741-c93affd2cd84", - "clientId" : "php-saml", - "surrogateAuthRequired" : false, - "enabled" : true, - "alwaysDisplayInConsole" : false, - "clientAuthenticatorType" : "client-secret", - "redirectUris" : [ "https://wp.[[DOMAIN]]/wp-login.php?saml_acs" ], - "webOrigins" : [ "https://wp.[[DOMAIN]]" ], - "notBefore" : 0, - "bearerOnly" : false, - "consentRequired" : false, - "standardFlowEnabled" : true, - "implicitFlowEnabled" : false, - "directAccessGrantsEnabled" : false, - "serviceAccountsEnabled" : false, - "publicClient" : false, - "frontchannelLogout" : true, - "protocol" : "saml", - "attributes" : { - "saml.force.post.binding" : "true", - "saml_assertion_consumer_url_post" : "https://wp.[[DOMAIN]]/wp-login.php?saml_acs", - "saml.server.signature" : "true", - 
"saml.server.signature.keyinfo.ext" : "false", - "saml.signing.certificate" : "[[SIGNING_CERTIFICATE]]", - "saml_single_logout_service_url_redirect" : "https://wp.[[DOMAIN]]/wp-login.php?saml_sls", - "saml.signature.algorithm" : "RSA_SHA256", - "saml_force_name_id_format" : "false", - "saml.client.signature" : "true", - "saml.authnstatement" : "true", - "saml_name_id_format" : "username", - "saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#" - }, - "authenticationFlowBindingOverrides" : { }, - "fullScopeAllowed" : true, - "nodeReRegistrationTimeout" : -1, - "protocolMappers" : [ { - "id" : "72c6175e-bd07-4c27-abd6-4e4ae38d834b", - "name" : "username", - "protocol" : "saml", - "protocolMapper" : "saml-user-attribute-mapper", - "consentRequired" : false, - "config" : { - "attribute.nameformat" : "Basic", - "user.attribute" : "username", - "friendly.name" : "username", - "attribute.name" : "username" - } - }, { - "id" : "abd6562f-4732-4da9-987f-b1a6ad6605fa", - "name" : "roles", - "protocol" : "saml", - "protocolMapper" : "saml-role-list-mapper", - "consentRequired" : false, - "config" : { - "single" : "true", - "attribute.nameformat" : "Basic", - "friendly.name" : "Roles", - "attribute.name" : "Role" - } - }, { - "id" : "50aafb71-d91c-4bc7-bb60-e1ae0222aab3", - "name" : "email", - "protocol" : "saml", - "protocolMapper" : "saml-user-property-mapper", - "consentRequired" : false, - "config" : { - "attribute.nameformat" : "Basic", - "user.attribute" : "email", - "friendly.name" : "email", - "attribute.name" : "email" - } - } ], - "defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ], - "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ], - "access" : { - "view" : true, - "configure" : true, - "manage" : true - } -} ] \ No newline at end of file 
diff --git a/scripts/keycloak/templates/sp_moodle.json b/scripts/keycloak/templates/sp_moodle.json
new file mode 100644
index 0000000..84eebb4
--- /dev/null
+++ b/scripts/keycloak/templates/sp_moodle.json
@@ -0,0 +1,95 @@
+{
+ "id" : "a92d5417-92b6-4678-9cb9-51bc0edcee8c",
+ "clientId" : "https://moodle.[[DOMAIN]]/auth/saml2/sp/metadata.php",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "alwaysDisplayInConsole" : false,
+ "clientAuthenticatorType" : "client-secret",
+ "redirectUris" : [ "https://moodle.[[DOMAIN]]/auth/saml2/sp/saml2-acs.php/moodle.[[DOMAIN]]" ],
+ "webOrigins" : [ "https://moodle.[[DOMAIN]]" ],
+ "notBefore" : 0,
+ "bearerOnly" : false,
+ "consentRequired" : false,
+ "standardFlowEnabled" : true,
+ "implicitFlowEnabled" : false,
+ "directAccessGrantsEnabled" : false,
+ "serviceAccountsEnabled" : false,
+ "publicClient" : false,
+ "frontchannelLogout" : true,
+ "protocol" : "saml",
+ "attributes" : {
+ "saml.force.post.binding" : "true",
+ "saml.encrypt" : "true",
+ "saml_assertion_consumer_url_post" : "https://moodle.[[DOMAIN]]/auth/saml2/sp/saml2-acs.php/moodle.[[DOMAIN]]",
+ "saml.server.signature" : "true",
+ "saml.server.signature.keyinfo.ext" : "false",
+ "saml.signing.certificate" : "[[SIGNING_CERTIFICATE]]",
+ "saml_single_logout_service_url_redirect" : "https://moodle.[[DOMAIN]]/auth/saml2/sp/saml2-logout.php/moodle.[[DOMAIN]]",
+ "saml.signature.algorithm" : "RSA_SHA256",
+ "saml_force_name_id_format" : "false",
+ "saml.client.signature" : "true",
+ "saml.encryption.certificate" : "[[ENCRYPTION_CERTIFICATE]]",
+ "saml.authnstatement" : "true",
+ "saml_name_id_format" : "username",
+ "saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#"
+ },
+ "authenticationFlowBindingOverrides" : { },
+ "fullScopeAllowed" : true,
+ "nodeReRegistrationTimeout" : -1,
+ "protocolMappers" : [ {
+ "id" : "9296daa3-4fc4-4b80-b007-5070f546ae13",
+ "name" : "X500 surname",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-user-property-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "attribute.nameformat" : "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
+ "user.attribute" : "lastName",
+ "friendly.name" : "surname",
+ "attribute.name" : "urn:oid:2.5.4.4"
+ }
+ }, {
+ "id" : "ccecf6e4-d20a-4211-b67c-40200a6b2c5d",
+ "name" : "username",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-user-property-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "attribute.nameformat" : "Basic",
+ "user.attribute" : "username",
+ "friendly.name" : "username",
+ "attribute.name" : "username"
+ }
+ }, {
+ "id" : "53858403-eba2-4f6d-81d0-cced700b5719",
+ "name" : "X500 givenName",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-user-property-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "attribute.nameformat" : "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
+ "user.attribute" : "firstName",
+ "friendly.name" : "givenName",
+ "attribute.name" : "urn:oid:2.5.4.42"
+ }
+ }, {
+ "id" : "20034db5-1d0e-4e66-b815-fb0440c6d1e2",
+ "name" : "X500 email",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-user-property-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "attribute.nameformat" : "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
+ "user.attribute" : "email",
+ "friendly.name" : "email",
+ "attribute.name" : "urn:oid:1.2.840.113549.1.9.1"
+ }
+ } ],
+ "defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
+ "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
+ "access" : {
+ "view" : true,
+ "configure" : true,
+ "manage" : true
+ }
+ }
\ No newline at end of file
diff --git a/scripts/keycloak/templates/sp_nextcloud.json b/scripts/keycloak/templates/sp_nextcloud.json
new file mode 100644
index 0000000..1f1b871
--- /dev/null
+++ b/scripts/keycloak/templates/sp_nextcloud.json
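Review bot: The template keeps the export-time `"id"` UUIDs of the client (`a92d5417-92b6-4678-9cb9-51bc0edcee8c`) and of every protocol mapper, which are identifiers of the instance the export came from rather than template values; sp_nextcloud.json and sp_wordpress.json carry theirs the same way. Importing the template into a realm where those ids already exist (a second run of the provisioning script, or two deployments sharing a database) will most likely be rejected as a conflict, while deployments that do accept it end up sharing identifiers across environments; dropping the `"id"` fields so Keycloak assigns them, or turning them into `[[...]]` placeholders like `[[DOMAIN]]`, avoids both. A short README next to the templates should also state that `[[SIGNING_CERTIFICATE]]` and `[[ENCRYPTION_CERTIFICATE]]` are the service provider's certificates (client signatures are verified and assertions encrypted with them, per `saml.client.signature` and `saml.encrypt` here), so the corresponding private keys never need to reach Keycloak.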
@@ -0,0 +1,82 @@
+, {
+ "id" : "bef873f0-2079-4876-8657-067de27d01b7",
+ "clientId" : "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/metadata",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "alwaysDisplayInConsole" : false,
+ "clientAuthenticatorType" : "client-secret",
+ "redirectUris" : [ "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/acs" ],
+ "webOrigins" : [ "https://nextcloud.[[DOMAIN]]" ],
+ "notBefore" : 0,
+ "bearerOnly" : false,
+ "consentRequired" : false,
+ "standardFlowEnabled" : true,
+ "implicitFlowEnabled" : false,
+ "directAccessGrantsEnabled" : false,
+ "serviceAccountsEnabled" : false,
+ "publicClient" : false,
+ "frontchannelLogout" : true,
+ "protocol" : "saml",
+ "attributes" : {
+ "saml.assertion.signature" : "true",
+ "saml.force.post.binding" : "true",
+ "saml_assertion_consumer_url_post" : "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/acs",
+ "saml.server.signature" : "true",
+ "saml.server.signature.keyinfo.ext" : "false",
+ "saml.signing.certificate" : "[[SIGNING_CERTIFICATE]]",
+ "saml_single_logout_service_url_redirect" : "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/sls",
+ "saml.signature.algorithm" : "RSA_SHA256",
+ "saml_force_name_id_format" : "false",
+ "saml.client.signature" : "true",
+ "saml.authnstatement" : "true",
+ "saml_name_id_format" : "username",
+ "saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#"
+ },
+ "authenticationFlowBindingOverrides" : { },
+ "fullScopeAllowed" : true,
+ "nodeReRegistrationTimeout" : -1,
+ "protocolMappers" : [ {
+ "id" : "e8e4acff-da2b-46aa-8bdb-ba42171671d6",
+ "name" : "username",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-user-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "attribute.nameformat" : "Basic",
+ "user.attribute" : "username",
+ "friendly.name" : "username",
+ "attribute.name" : "username"
+ }
+ }, {
+ "id" : "28206b59-757b-4e3c-81cb-0b6053b1fd3d",
+ "name" : "email",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-user-property-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "attribute.nameformat" : "Basic",
+ "user.attribute" : "email",
+ "friendly.name" : "email",
+ "attribute.name" : "email"
+ }
+ }, {
+ "id" : "e51e04b9-f71a-42de-819e-dd9285246ada",
+ "name" : "Roles",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-role-list-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "single" : "true",
+ "attribute.nameformat" : "Basic",
+ "friendly.name" : "Roles",
+ "attribute.name" : "Roles"
+ }
+ } ],
+ "defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
+ "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
+ "access" : {
+ "view" : true,
+ "configure" : true,
+ "manage" : true
+ }
+ }
\ No newline at end of file
diff --git a/scripts/keycloak/templates/sp_wordpress.json b/scripts/keycloak/templates/sp_wordpress.json
new file mode 100644
index 0000000..e44a427
--- /dev/null
+++ b/scripts/keycloak/templates/sp_wordpress.json
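Review bot: The file begins with `, {` on its first added line, a leftover array separator from the deleted clients.json, so on its own it is not valid JSON and any parser (a `json.load` in the provisioning script or a `kcadm.sh ... -f` import) will reject it; the first line should be `{` as in sp_moodle.json and sp_wordpress.json. A `python3 -m json.tool scripts/keycloak/templates/*.json` step in whatever script fills the `[[DOMAIN]]` placeholders would catch this class of error before it reaches the realm.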
@@ -0,0 +1,81 @@
+{
+ "id" : "630601f8-25d1-4822-8741-c93affd2cd84",
+ "clientId" : "php-saml",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "alwaysDisplayInConsole" : false,
+ "clientAuthenticatorType" : "client-secret",
+ "redirectUris" : [ "https://wp.[[DOMAIN]]/wp-login.php?saml_acs" ],
+ "webOrigins" : [ "https://wp.[[DOMAIN]]" ],
+ "notBefore" : 0,
+ "bearerOnly" : false,
+ "consentRequired" : false,
+ "standardFlowEnabled" : true,
+ "implicitFlowEnabled" : false,
+ "directAccessGrantsEnabled" : false,
+ "serviceAccountsEnabled" : false,
+ "publicClient" : false,
+ "frontchannelLogout" : true,
+ "protocol" : "saml",
+ "attributes" : {
+ "saml.force.post.binding" : "true",
+ "saml_assertion_consumer_url_post" : "https://wp.[[DOMAIN]]/wp-login.php?saml_acs",
+ "saml.server.signature" : "true",
+ "saml.server.signature.keyinfo.ext" : "false",
+ "saml.signing.certificate" : "[[SIGNING_CERTIFICATE]]",
+ "saml_single_logout_service_url_redirect" : "https://wp.[[DOMAIN]]/wp-login.php?saml_sls",
+ "saml.signature.algorithm" : "RSA_SHA256",
+ "saml_force_name_id_format" : "false",
+ "saml.client.signature" : "true",
+ "saml.authnstatement" : "true",
+ "saml_name_id_format" : "username",
+ "saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#"
+ },
+ "authenticationFlowBindingOverrides" : { },
+ "fullScopeAllowed" : true,
+ "nodeReRegistrationTimeout" : -1,
+ "protocolMappers" : [ {
+ "id" : "72c6175e-bd07-4c27-abd6-4e4ae38d834b",
+ "name" : "username",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-user-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "attribute.nameformat" : "Basic",
+ "user.attribute" : "username",
+ "friendly.name" : "username",
+ "attribute.name" : "username"
+ }
+ }, {
+ "id" : "abd6562f-4732-4da9-987f-b1a6ad6605fa",
+ "name" : "roles",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-role-list-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "single" : "true",
+ "attribute.nameformat" : "Basic",
+ "friendly.name" : "Roles",
+ "attribute.name" : "Role"
+ }
+ }, {
+ "id" : "50aafb71-d91c-4bc7-bb60-e1ae0222aab3",
+ "name" : "email",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-user-property-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "attribute.nameformat" : "Basic",
+ "user.attribute" : "email",
+ "friendly.name" : "email",
+ "attribute.name" : "email"
+ }
+ } ],
+ "defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
+ "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
+ "access" : {
+ "view" : true,
+ "configure" : true,
+ "manage" : true
+ }
+ }
\ No newline at end of file
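Review bot: The role-list mapper emits the attribute as `"attribute.name" : "Role"` while its `"friendly.name"` is `Roles` and sp_nextcloud.json uses `Roles` for both; if the WordPress SAML plugin is configured to read `Roles`, role data will be silently absent from the assertion, so this looks like a typo unless the plugin side really expects `Role` — worth confirming against the plugin configuration and either aligning it to `"attribute.name" : "Roles"` or adding a one-line comment in the provisioning docs explaining the deliberate difference. The `"clientId" : "php-saml"` also differs in kind from the other two templates, which use the SP metadata URL: Keycloak matches the Issuer of the incoming AuthnRequest against `clientId`, so this must be exactly the entity ID the WordPress plugin publishes, and a note next to the template saying where that value comes from would prevent a mismatch being introduced later.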