From 6138e9c65b7af8ccc51db47dc791f2b71b6a44eb Mon Sep 17 00:00:00 2001
From: root
Date: Fri, 21 May 2021 18:44:25 +0200
Subject: [PATCH] added keycloak python lib
---
 admin/docker/requirements.pip3 | 1 +
 .../keycloak_client_exc.cpython-38.pyc | Bin 0 -> 424 bytes
 admin/src/tests/keycloak_client.py | 102 +++++++
 admin/src/tests/keycloak_client_exc.py | 5 +
 config/dd.sh | 13 +-
 isard-sso | 2 +-
 scripts/keycloak/templates/clients.json | 286 ------------------
 scripts/keycloak/templates/sp_moodle.json | 95 ++++++
 scripts/keycloak/templates/sp_nextcloud.json | 82 +++++
 scripts/keycloak/templates/sp_wordpress.json | 81 +++++
 10 files changed, 378 insertions(+), 289 deletions(-)
 create mode 100644 admin/src/tests/__pycache__/keycloak_client_exc.cpython-38.pyc
 create mode 100644 admin/src/tests/keycloak_client.py
 create mode 100644 admin/src/tests/keycloak_client_exc.py
 delete mode 100644 scripts/keycloak/templates/clients.json
 create mode 100644 scripts/keycloak/templates/sp_moodle.json
 create mode 100644 scripts/keycloak/templates/sp_nextcloud.json
 create mode 100644 scripts/keycloak/templates/sp_wordpress.json
diff --git a/admin/docker/requirements.pip3 b/admin/docker/requirements.pip3
index 1ca641a..76b9c90 100644
--- a/admin/docker/requirements.pip3
+++ b/admin/docker/requirements.pip3
@@ -1,3 +1,4 @@
+python-keycloak==0.24.0
 bcrypt==3.1.7
 cffi==1.14.0
 click==7.1.2
diff --git a/admin/src/tests/__pycache__/keycloak_client_exc.cpython-38.pyc b/admin/src/tests/__pycache__/keycloak_client_exc.cpython-38.pyc new file mode 100644 index 0000000000000000000000000000000000000000..59e37c4d499e934a197d37b142e574474bf65733 GIT binary patch literal 424 zcmb7AyKcfT6!n9)DI!(>fi5iM2M}V3*s`=;vRoqDLqs0b4pNxmUl2dU;Gs+ZqEoLO zr4*?PS31W&_SLz^eh99wg0v)(NP0jhvgav9%_K+7y=HRo zN+x##JFkkOS|H2_Ns*LFk}^rLm)UTwcA}`Wb*y!*lM}ZAK$VpWzzzY*T5b!s9|3%9 zv!c5>5q*zVp1#LXCd<5v8f6+2^>!eNTvZLIR!lcL?IJiBh7?e*Z_4@98^>*qa}w>0 rE-AX*gF6e5+^_YcoK7a(KE|z3n keycloak/realm.json -echo "Dump realm.json" +echo "Dump clients.json" docker exec -i isard-sso-keycloak sh -c '/opt/jboss/keycloak/bin/kcadm.sh \ config credentials --server http://localhost:8080/auth \ --realm master --user $KEYCLOAK_USER --password $KEYCLOAK_PASSWORD &> /dev/null && \ /opt/jboss/keycloak/bin/kcadm.sh \ - get realms/master' > keycloak/realm.json \ No newline at end of file + get clients' > keycloak/clients.json + +kcadm.sh create realms -f - << EOF +{ "realm": "demorealm", "enabled": true } +EOF + + +### NEW + +./kcadm.sh update realms/master -f realm.json \ No newline at end of file diff --git a/isard-sso b/isard-sso index 174a6d3..790afd2 160000 --- a/isard-sso +++ b/isard-sso @@ -1 +1 @@ -Subproject commit 174a6d3ae524f08d72056b571fd41a6975cb8cf1 +Subproject commit 790afd2a9c70618e422b0e69ffa702f80a4ee1a6 diff --git a/scripts/keycloak/templates/clients.json b/scripts/keycloak/templates/clients.json deleted file mode 100644 index 841e07e..0000000 --- a/scripts/keycloak/templates/clients.json +++ /dev/null 
@@ -1,286 +0,0 @@
-[ {
- "id" : "a92d5417-92b6-4678-9cb9-51bc0edcee8c",
- "clientId" : "https://moodle.[[DOMAIN]]/auth/saml2/sp/metadata.php",
- "surrogateAuthRequired" : false,
- "enabled" : true,
- "alwaysDisplayInConsole" : false,
- "clientAuthenticatorType" : "client-secret",
- "redirectUris" : [ "https://moodle.[[DOMAIN]]/auth/saml2/sp/saml2-acs.php/moodle.[[DOMAIN]]" ],
- "webOrigins" : [ "https://moodle.[[DOMAIN]]" ],
- "notBefore" : 0,
- "bearerOnly" : false,
- "consentRequired" : false,
- "standardFlowEnabled" : true,
- "implicitFlowEnabled" : false,
- "directAccessGrantsEnabled" : false,
- "serviceAccountsEnabled" : false,
- "publicClient" : false,
- "frontchannelLogout" : true,
- "protocol" : "saml",
- "attributes" : {
- "saml.force.post.binding" : "true",
- "saml.encrypt" : "true",
- "saml_assertion_consumer_url_post" : "https://moodle.[[DOMAIN]]/auth/saml2/sp/saml2-acs.php/moodle.[[DOMAIN]]",
- "saml.server.signature" : "true",
- "saml.server.signature.keyinfo.ext" : "false",
- "saml.signing.certificate" : "[[SIGNING_CERTIFICATE]]",
- "saml_single_logout_service_url_redirect" : "https://moodle.[[DOMAIN]]/auth/saml2/sp/saml2-logout.php/moodle.[[DOMAIN]]",
- "saml.signature.algorithm" : "RSA_SHA256",
- "saml_force_name_id_format" : "false",
- "saml.client.signature" : "true",
- "saml.encryption.certificate" : "[[ENCRYPTION_CERTIFICATE]]",
- "saml.authnstatement" : "true",
- "saml_name_id_format" : "username",
- "saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#"
- },
- "authenticationFlowBindingOverrides" : { },
- "fullScopeAllowed" : true,
- "nodeReRegistrationTimeout" : -1,
- "protocolMappers" : [ {
- "id" : "9296daa3-4fc4-4b80-b007-5070f546ae13",
- "name" : "X500 surname",
- "protocol" : "saml",
- "protocolMapper" : "saml-user-property-mapper",
- "consentRequired" : false,
- "config" : {
- "attribute.nameformat" : "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
- "user.attribute" : "lastName",
- "friendly.name" : "surname",
- "attribute.name" : "urn:oid:2.5.4.4"
- }
- }, {
- "id" : "ccecf6e4-d20a-4211-b67c-40200a6b2c5d",
- "name" : "username",
- "protocol" : "saml",
- "protocolMapper" : "saml-user-property-mapper",
- "consentRequired" : false,
- "config" : {
- "attribute.nameformat" : "Basic",
- "user.attribute" : "username",
- "friendly.name" : "username",
- "attribute.name" : "username"
- }
- }, {
- "id" : "53858403-eba2-4f6d-81d0-cced700b5719",
- "name" : "X500 givenName",
- "protocol" : "saml",
- "protocolMapper" : "saml-user-property-mapper",
- "consentRequired" : false,
- "config" : {
- "attribute.nameformat" : "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
- "user.attribute" : "firstName",
- "friendly.name" : "givenName",
- "attribute.name" : "urn:oid:2.5.4.42"
- }
- }, {
- "id" : "20034db5-1d0e-4e66-b815-fb0440c6d1e2",
- "name" : "X500 email",
- "protocol" : "saml",
- "protocolMapper" : "saml-user-property-mapper",
- "consentRequired" : false,
- "config" : {
- "attribute.nameformat" : "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
- "user.attribute" : "email",
- "friendly.name" : "email",
- "attribute.name" : "urn:oid:1.2.840.113549.1.9.1"
- }
- } ],
- "defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
- "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
- "access" : {
- "view" : true,
- "configure" : true,
- "manage" : true
- }
-}, {
- "id" : "bef873f0-2079-4876-8657-067de27d01b7",
- "clientId" : "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/metadata",
- "surrogateAuthRequired" : false,
- "enabled" : true,
- "alwaysDisplayInConsole" : false,
- "clientAuthenticatorType" : "client-secret",
- "redirectUris" : [ "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/acs" ],
- "webOrigins" : [ "https://nextcloud.[[DOMAIN]]" ],
- "notBefore" : 0,
- "bearerOnly" : false,
- "consentRequired" : false,
- "standardFlowEnabled" : true,
- "implicitFlowEnabled" : false,
- "directAccessGrantsEnabled" : false,
- "serviceAccountsEnabled" : false,
- "publicClient" : false,
- "frontchannelLogout" : true,
- "protocol" : "saml",
- "attributes" : {
- "saml.assertion.signature" : "true",
- "saml.force.post.binding" : "true",
- "saml_assertion_consumer_url_post" : "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/acs",
- "saml.server.signature" : "true",
- "saml.server.signature.keyinfo.ext" : "false",
- "saml.signing.certificate" : "[[SIGNING_CERTIFICATE]]",
- "saml_single_logout_service_url_redirect" : "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/sls",
- "saml.signature.algorithm" : "RSA_SHA256",
- "saml_force_name_id_format" : "false",
- "saml.client.signature" : "true",
- "saml.authnstatement" : "true",
- "saml_name_id_format" : "username",
- "saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#"
- },
- "authenticationFlowBindingOverrides" : { },
- "fullScopeAllowed" : true,
- "nodeReRegistrationTimeout" : -1,
- "protocolMappers" : [ {
- "id" : "e8e4acff-da2b-46aa-8bdb-ba42171671d6",
- "name" : "username",
- "protocol" : "saml",
- "protocolMapper" : "saml-user-attribute-mapper",
- "consentRequired" : false,
- "config" : {
- "attribute.nameformat" : "Basic",
- "user.attribute" : "username",
- "friendly.name" : "username",
- "attribute.name" : "username"
- }
- }, {
- "id" : "28206b59-757b-4e3c-81cb-0b6053b1fd3d",
- "name" : "email",
- "protocol" : "saml",
- "protocolMapper" : "saml-user-property-mapper",
- "consentRequired" : false,
- "config" : {
- "attribute.nameformat" : "Basic",
- "user.attribute" : "email",
- "friendly.name" : "email",
- "attribute.name" : "email"
- }
- }, {
- "id" : "e51e04b9-f71a-42de-819e-dd9285246ada",
- "name" : "Roles",
- "protocol" : "saml",
- "protocolMapper" : "saml-role-list-mapper",
- "consentRequired" : false,
- "config" : {
- "single" : "true",
- "attribute.nameformat" : "Basic",
- "friendly.name" : "Roles",
- "attribute.name" : "Roles"
- }
- } ],
- "defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
- "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
- "access" : {
- "view" : true,
- "configure" : true,
- "manage" : true
- }
-}, {
- "id" : "78a85fd1-869d-4ba4-8391-5708f7d1abe6",
- "clientId" : "master-realm",
- "name" : "master Realm",
- "surrogateAuthRequired" : false,
- "enabled" : true,
- "alwaysDisplayInConsole" : false,
- "clientAuthenticatorType" : "client-secret",
- "redirectUris" : [ ],
- "webOrigins" : [ ],
- "notBefore" : 0,
- "bearerOnly" : true,
- "consentRequired" : false,
- "standardFlowEnabled" : true,
- "implicitFlowEnabled" : false,
- "directAccessGrantsEnabled" : false,
- "serviceAccountsEnabled" : false,
- "publicClient" : false,
- "frontchannelLogout" : false,
- "attributes" : { },
- "authenticationFlowBindingOverrides" : { },
- "fullScopeAllowed" : true,
- "nodeReRegistrationTimeout" : 0,
- "defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
- "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
- "access" : {
- "view" : true,
- "configure" : true,
- "manage" : true
- }
-}, {
- "id" : "630601f8-25d1-4822-8741-c93affd2cd84",
- "clientId" : "php-saml",
- "surrogateAuthRequired" : false,
- "enabled" : true,
- "alwaysDisplayInConsole" : false,
- "clientAuthenticatorType" : "client-secret",
- "redirectUris" : [ "https://wp.[[DOMAIN]]/wp-login.php?saml_acs" ],
- "webOrigins" : [ "https://wp.[[DOMAIN]]" ],
- "notBefore" : 0,
- "bearerOnly" : false,
- "consentRequired" : false,
- "standardFlowEnabled" : true,
- "implicitFlowEnabled" : false,
- "directAccessGrantsEnabled" : false,
- "serviceAccountsEnabled" : false,
- "publicClient" : false,
- "frontchannelLogout" : true,
- "protocol" : "saml",
- "attributes" : {
- "saml.force.post.binding" : "true",
- "saml_assertion_consumer_url_post" : "https://wp.[[DOMAIN]]/wp-login.php?saml_acs",
- "saml.server.signature" : "true",
- "saml.server.signature.keyinfo.ext" : "false",
- "saml.signing.certificate" : "[[SIGNING_CERTIFICATE]]",
- "saml_single_logout_service_url_redirect" : "https://wp.[[DOMAIN]]/wp-login.php?saml_sls",
- "saml.signature.algorithm" : "RSA_SHA256",
- "saml_force_name_id_format" : "false",
- "saml.client.signature" : "true",
- "saml.authnstatement" : "true",
- "saml_name_id_format" : "username",
- "saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#"
- },
- "authenticationFlowBindingOverrides" : { },
- "fullScopeAllowed" : true,
- "nodeReRegistrationTimeout" : -1,
- "protocolMappers" : [ {
- "id" : "72c6175e-bd07-4c27-abd6-4e4ae38d834b",
- "name" : "username",
- "protocol" : "saml",
- "protocolMapper" : "saml-user-attribute-mapper",
- "consentRequired" : false,
- "config" : {
- "attribute.nameformat" : "Basic",
- "user.attribute" : "username",
- "friendly.name" : "username",
- "attribute.name" : "username"
- }
- }, {
- "id" : "abd6562f-4732-4da9-987f-b1a6ad6605fa",
- "name" : "roles",
- "protocol" : "saml",
- "protocolMapper" : "saml-role-list-mapper",
- "consentRequired" : false,
- "config" : {
- "single" : "true",
- "attribute.nameformat" : "Basic",
- "friendly.name" : "Roles",
- "attribute.name" : "Role"
- }
- }, {
- "id" : "50aafb71-d91c-4bc7-bb60-e1ae0222aab3",
- "name" : "email",
- "protocol" : "saml",
- "protocolMapper" : "saml-user-property-mapper",
- "consentRequired" : false,
- "config" : {
- "attribute.nameformat" : "Basic",
- "user.attribute" : "email",
- "friendly.name" : "email",
- "attribute.name" : "email"
- }
- } ],
- "defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
- "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
- "access" : {
- "view" : true,
- "configure" : true,
- "manage" : true
- }
-} ]
\ No newline at end of file
diff --git a/scripts/keycloak/templates/sp_moodle.json b/scripts/keycloak/templates/sp_moodle.json
new file mode 100644
index 0000000..84eebb4
--- /dev/null
+++ b/scripts/keycloak/templates/sp_moodle.json
@@ -0,0 +1,95 @@
+{
+ "id" : "a92d5417-92b6-4678-9cb9-51bc0edcee8c",
+ "clientId" : "https://moodle.[[DOMAIN]]/auth/saml2/sp/metadata.php",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "alwaysDisplayInConsole" : false,
+ "clientAuthenticatorType" : "client-secret",
+ "redirectUris" : [ "https://moodle.[[DOMAIN]]/auth/saml2/sp/saml2-acs.php/moodle.[[DOMAIN]]" ],
+ "webOrigins" : [ "https://moodle.[[DOMAIN]]" ],
+ "notBefore" : 0,
+ "bearerOnly" : false,
+ "consentRequired" : false,
+ "standardFlowEnabled" : true,
+ "implicitFlowEnabled" : false,
+ "directAccessGrantsEnabled" : false,
+ "serviceAccountsEnabled" : false,
+ "publicClient" : false,
+ "frontchannelLogout" : true,
+ "protocol" : "saml",
+ "attributes" : {
+ "saml.force.post.binding" : "true",
+ "saml.encrypt" : "true",
+ "saml_assertion_consumer_url_post" : "https://moodle.[[DOMAIN]]/auth/saml2/sp/saml2-acs.php/moodle.[[DOMAIN]]",
+ "saml.server.signature" : "true",
+ "saml.server.signature.keyinfo.ext" : "false",
+ "saml.signing.certificate" : "[[SIGNING_CERTIFICATE]]",
+ "saml_single_logout_service_url_redirect" : "https://moodle.[[DOMAIN]]/auth/saml2/sp/saml2-logout.php/moodle.[[DOMAIN]]",
+ "saml.signature.algorithm" : "RSA_SHA256",
+ "saml_force_name_id_format" : "false",
+ "saml.client.signature" : "true",
+ "saml.encryption.certificate" : "[[ENCRYPTION_CERTIFICATE]]",
+ "saml.authnstatement" : "true",
+ "saml_name_id_format" : "username",
+ "saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#"
+ },
+ "authenticationFlowBindingOverrides" : { },
+ "fullScopeAllowed" : true,
+ "nodeReRegistrationTimeout" : -1,
+ "protocolMappers" : [ {
+ "id" : "9296daa3-4fc4-4b80-b007-5070f546ae13",
+ "name" : "X500 surname",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-user-property-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "attribute.nameformat" : "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
+ "user.attribute" : "lastName",
+ "friendly.name" : "surname",
+ "attribute.name" : "urn:oid:2.5.4.4"
+ }
+ }, {
+ "id" : "ccecf6e4-d20a-4211-b67c-40200a6b2c5d",
+ "name" : "username",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-user-property-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "attribute.nameformat" : "Basic",
+ "user.attribute" : "username",
+ "friendly.name" : "username",
+ "attribute.name" : "username"
+ }
+ }, {
+ "id" : "53858403-eba2-4f6d-81d0-cced700b5719",
+ "name" : "X500 givenName",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-user-property-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "attribute.nameformat" : "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
+ "user.attribute" : "firstName",
+ "friendly.name" : "givenName",
+ "attribute.name" : "urn:oid:2.5.4.42"
+ }
+ }, {
+ "id" : "20034db5-1d0e-4e66-b815-fb0440c6d1e2",
+ "name" : "X500 email",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-user-property-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "attribute.nameformat" : "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
+ "user.attribute" : "email",
+ "friendly.name" : "email",
+ "attribute.name" : "urn:oid:1.2.840.113549.1.9.1"
+ }
+ } ],
+ "defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
+ "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
+ "access" : {
+ "view" : true,
+ "configure" : true,
+ "manage" : true
+ }
+ }
\ No newline at end of file
diff --git a/scripts/keycloak/templates/sp_nextcloud.json b/scripts/keycloak/templates/sp_nextcloud.json
new file mode 100644
index 0000000..1f1b871
--- /dev/null
+++ b/scripts/keycloak/templates/sp_nextcloud.json
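Review bot: `"fullScopeAllowed" : true` in sp_moodle.json makes every role mapping the user holds effective for this SAML client, and the default scopes listed in the same file include `role_list`, so the assertion sent to Moodle is likely to carry roles unrelated to Moodle. Setting `"fullScopeAllowed" : false` and adding explicit scope mappings for the roles the service provider needs keeps the released attributes to the minimum. The same value is set in sp_nextcloud.json and sp_wordpress.json, where a `saml-role-list-mapper` is attached directly to the client. The fixed `"id"` values and the `"access"` block look like residue of a kcadm export and may be better dropped from a template, though how the templates are imported is not visible in this patch.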
@@ -0,0 +1,82 @@
+, {
+ "id" : "bef873f0-2079-4876-8657-067de27d01b7",
+ "clientId" : "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/metadata",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "alwaysDisplayInConsole" : false,
+ "clientAuthenticatorType" : "client-secret",
+ "redirectUris" : [ "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/acs" ],
+ "webOrigins" : [ "https://nextcloud.[[DOMAIN]]" ],
+ "notBefore" : 0,
+ "bearerOnly" : false,
+ "consentRequired" : false,
+ "standardFlowEnabled" : true,
+ "implicitFlowEnabled" : false,
+ "directAccessGrantsEnabled" : false,
+ "serviceAccountsEnabled" : false,
+ "publicClient" : false,
+ "frontchannelLogout" : true,
+ "protocol" : "saml",
+ "attributes" : {
+ "saml.assertion.signature" : "true",
+ "saml.force.post.binding" : "true",
+ "saml_assertion_consumer_url_post" : "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/acs",
+ "saml.server.signature" : "true",
+ "saml.server.signature.keyinfo.ext" : "false",
+ "saml.signing.certificate" : "[[SIGNING_CERTIFICATE]]",
+ "saml_single_logout_service_url_redirect" : "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/sls",
+ "saml.signature.algorithm" : "RSA_SHA256",
+ "saml_force_name_id_format" : "false",
+ "saml.client.signature" : "true",
+ "saml.authnstatement" : "true",
+ "saml_name_id_format" : "username",
+ "saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#"
+ },
+ "authenticationFlowBindingOverrides" : { },
+ "fullScopeAllowed" : true,
+ "nodeReRegistrationTimeout" : -1,
+ "protocolMappers" : [ {
+ "id" : "e8e4acff-da2b-46aa-8bdb-ba42171671d6",
+ "name" : "username",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-user-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "attribute.nameformat" : "Basic",
+ "user.attribute" : "username",
+ "friendly.name" : "username",
+ "attribute.name" : "username"
+ }
+ }, {
+ "id" : "28206b59-757b-4e3c-81cb-0b6053b1fd3d",
+ "name" : "email",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-user-property-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "attribute.nameformat" : "Basic",
+ "user.attribute" : "email",
+ "friendly.name" : "email",
+ "attribute.name" : "email"
+ }
+ }, {
+ "id" : "e51e04b9-f71a-42de-819e-dd9285246ada",
+ "name" : "Roles",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-role-list-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "single" : "true",
+ "attribute.nameformat" : "Basic",
+ "friendly.name" : "Roles",
+ "attribute.name" : "Roles"
+ }
+ } ],
+ "defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
+ "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
+ "access" : {
+ "view" : true,
+ "configure" : true,
+ "manage" : true
+ }
+ }
\ No newline at end of file
diff --git a/scripts/keycloak/templates/sp_wordpress.json b/scripts/keycloak/templates/sp_wordpress.json
new file mode 100644
index 0000000..e44a427
--- /dev/null
+++ b/scripts/keycloak/templates/sp_wordpress.json
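Review bot: The first line of sp_nextcloud.json is `, {`, so the new file is not valid JSON; the leading comma appears to be left over from cutting this object out of the array in the deleted clients.json. The line should read `{`, as it does in sp_moodle.json and sp_wordpress.json. The code that loads these templates is not visible in this patch, but a strict JSON parser would reject the file as committed, and the Nextcloud client would then presumably not be created.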
@@ -0,0 +1,81 @@
+{
+ "id" : "630601f8-25d1-4822-8741-c93affd2cd84",
+ "clientId" : "php-saml",
+ "surrogateAuthRequired" : false,
+ "enabled" : true,
+ "alwaysDisplayInConsole" : false,
+ "clientAuthenticatorType" : "client-secret",
+ "redirectUris" : [ "https://wp.[[DOMAIN]]/wp-login.php?saml_acs" ],
+ "webOrigins" : [ "https://wp.[[DOMAIN]]" ],
+ "notBefore" : 0,
+ "bearerOnly" : false,
+ "consentRequired" : false,
+ "standardFlowEnabled" : true,
+ "implicitFlowEnabled" : false,
+ "directAccessGrantsEnabled" : false,
+ "serviceAccountsEnabled" : false,
+ "publicClient" : false,
+ "frontchannelLogout" : true,
+ "protocol" : "saml",
+ "attributes" : {
+ "saml.force.post.binding" : "true",
+ "saml_assertion_consumer_url_post" : "https://wp.[[DOMAIN]]/wp-login.php?saml_acs",
+ "saml.server.signature" : "true",
+ "saml.server.signature.keyinfo.ext" : "false",
+ "saml.signing.certificate" : "[[SIGNING_CERTIFICATE]]",
+ "saml_single_logout_service_url_redirect" : "https://wp.[[DOMAIN]]/wp-login.php?saml_sls",
+ "saml.signature.algorithm" : "RSA_SHA256",
+ "saml_force_name_id_format" : "false",
+ "saml.client.signature" : "true",
+ "saml.authnstatement" : "true",
+ "saml_name_id_format" : "username",
+ "saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#"
+ },
+ "authenticationFlowBindingOverrides" : { },
+ "fullScopeAllowed" : true,
+ "nodeReRegistrationTimeout" : -1,
+ "protocolMappers" : [ {
+ "id" : "72c6175e-bd07-4c27-abd6-4e4ae38d834b",
+ "name" : "username",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-user-attribute-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "attribute.nameformat" : "Basic",
+ "user.attribute" : "username",
+ "friendly.name" : "username",
+ "attribute.name" : "username"
+ }
+ }, {
+ "id" : "abd6562f-4732-4da9-987f-b1a6ad6605fa",
+ "name" : "roles",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-role-list-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "single" : "true",
+ "attribute.nameformat" : "Basic",
+ "friendly.name" : "Roles",
+ "attribute.name" : "Role"
+ }
+ }, {
+ "id" : "50aafb71-d91c-4bc7-bb60-e1ae0222aab3",
+ "name" : "email",
+ "protocol" : "saml",
+ "protocolMapper" : "saml-user-property-mapper",
+ "consentRequired" : false,
+ "config" : {
+ "attribute.nameformat" : "Basic",
+ "user.attribute" : "email",
+ "friendly.name" : "email",
+ "attribute.name" : "email"
+ }
+ } ],
+ "defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
+ "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
+ "access" : {
+ "view" : true,
+ "configure" : true,
+ "manage" : true
+ }
+ }
\ No newline at end of file
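Review bot: sp_wordpress.json signs only the response document (`"saml.server.signature" : "true"`) and sets neither `"saml.assertion.signature"` nor `"saml.encrypt"`, although its `saml-role-list-mapper` places the `Role` attribute in the assertion. Adding `"saml.assertion.signature" : "true"` to `attributes`, as sp_nextcloud.json already does, lets the service provider verify the assertion itself rather than rely on the outer signature alone; whether the WordPress side enforces that check is outside this patch. The role mapper's `"attribute.name" : "Role"` also differs from its own `"friendly.name" : "Roles"` and from the `Roles` name used for Nextcloud, which is worth confirming as intentional.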