added keycloak python lib
parent
9f3952dc86
commit
6138e9c65b
|
@ -1,3 +1,4 @@
|
||||||
|
python-keycloak==0.24.0
|
||||||
bcrypt==3.1.7
|
bcrypt==3.1.7
|
||||||
cffi==1.14.0
|
cffi==1.14.0
|
||||||
click==7.1.2
|
click==7.1.2
|
||||||
|
|
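Review bot: `python-keycloak==0.24.0` is pinned here, but the client module added in this same commit talks to Keycloak through `requests` and never imports `keycloak`, so the new dependency appears unused; either drop the pin or port ApiClient to the library, which would also replace the hand-rolled token request. If `requests` is not already pinned in this file it needs its own entry, since the new module depends on it directly; I cannot see the rest of the requirements from this hunk.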
Binary file not shown.
|
@ -0,0 +1,102 @@
|
||||||
|
import os,time,requests,json,getpass,pprint
|
||||||
|
import traceback
|
||||||
|
|
||||||
|
from keycloak_client_exc import *
|
||||||
|
|
||||||
|
class ApiClient():
|
||||||
|
def __init__(self,realm='master'):
|
||||||
|
##server=os.environ['KEYCLOAK_HOST']
|
||||||
|
server='isard-sso-keycloak'
|
||||||
|
self.base_url="http://"+server+":8080/auth/realms/"+realm
|
||||||
|
self.headers={"Content-Type": "application/x-www-form-urlencoded"}
|
||||||
|
self.payload={'username':'admin',
|
||||||
|
'password':'keycloakkeycloak',
|
||||||
|
'grant_type':'password',
|
||||||
|
'client_id':'admin-cli'}
|
||||||
|
self.token=self.get_token()
|
||||||
|
self.admin_url="http://"+server+":8080/auth/admin/realms/"+realm
|
||||||
|
# /admin/realms/${KEYCLOAK_REALM}/users/${$USER_ID}"
|
||||||
|
self.admin_headers={"Accept": "application/json",
|
||||||
|
"Authorization": "Bearer "+self.token}
|
||||||
|
|
||||||
|
def get_token(self):
|
||||||
|
path="/protocol/openid-connect/token"
|
||||||
|
resp = requests.post(self.base_url+path, data=self.payload, headers=self.headers)
|
||||||
|
if resp.status_code == 200: return json.loads(resp.text)['access_token']
|
||||||
|
print(" URL: "+self.base_url+path)
|
||||||
|
print("STATUS CODE: "+str(resp.status_code))
|
||||||
|
print(" RESPONSE: "+resp.text)
|
||||||
|
exit(1)
|
||||||
|
|
||||||
|
def get(self,path,status_code=200,data={},params={}):
|
||||||
|
resp = requests.get(self.admin_url+path, data=data, params=params, headers=self.admin_headers)
|
||||||
|
if resp.status_code == status_code: return json.loads(resp.text)
|
||||||
|
print(" URL: "+self.admin_url+path)
|
||||||
|
print("STATUS CODE: "+str(resp.status_code))
|
||||||
|
print(" RESPONSE: "+resp.text)
|
||||||
|
raise
|
||||||
|
|
||||||
|
def post(self,path,status_code=200,data={},params={},json={}):
|
||||||
|
resp = requests.post(self.admin_url+path, data=data, params=params, json=json, headers=self.admin_headers)
|
||||||
|
#if resp.status_code == status_code: return True
|
||||||
|
print(" URL: "+self.admin_url+path)
|
||||||
|
print("STATUS CODE: "+str(resp.status_code))
|
||||||
|
print(" RESPONSE: "+resp.text)
|
||||||
|
if resp.status_code == 409: raise keycloakUsernameEmailExists
|
||||||
|
raise keycloakError
|
||||||
|
|
||||||
|
class KeycloakClient():
|
||||||
|
def __init__(self,realm='master'):
|
||||||
|
## REFERENCE: https://www.keycloak.org/docs-api/13.0/rest-api/index.html
|
||||||
|
self.api=ApiClient()
|
||||||
|
|
||||||
|
def get_users(self,username=False,exact=True):
|
||||||
|
path='/users'
|
||||||
|
if not username: return self.api.get(path)
|
||||||
|
return self.api.get(path,params={"username":username,'exact':exact})
|
||||||
|
|
||||||
|
def add_user(self,username,first,last,email,password):
|
||||||
|
user={"firstName":first,
|
||||||
|
"lastName":last,
|
||||||
|
"email":last,
|
||||||
|
"enabled":"true",
|
||||||
|
"username":username,
|
||||||
|
"credentials":[{"type":"password",
|
||||||
|
"value":password,
|
||||||
|
"temporary":False}]}
|
||||||
|
try:
|
||||||
|
self.api.post('/users',status_code=201,json=user)
|
||||||
|
return True
|
||||||
|
except keycloakExists:
|
||||||
|
print('Username or email already exists')
|
||||||
|
except:
|
||||||
|
traceback.format_exc()
|
||||||
|
return False
|
||||||
|
|
||||||
|
def get_groups(self,name=False):
|
||||||
|
path='/groups'
|
||||||
|
if not name: return self.api.get(path)
|
||||||
|
return self.api.get(path,params={"name":name})
|
||||||
|
|
||||||
|
def add_group(self,name,subgroups=False):
|
||||||
|
group={"name":name}
|
||||||
|
try:
|
||||||
|
self.api.post('/groups',status_code=201,json=group)
|
||||||
|
return True
|
||||||
|
except keycloakExists:
|
||||||
|
print('Group name already exists')
|
||||||
|
except:
|
||||||
|
traceback.format_exc()
|
||||||
|
return False
|
||||||
|
|
||||||
|
kapi=KeycloakClient()
|
||||||
|
# print('GET USERS')
|
||||||
|
# pprint.pprint(kapi.get_users())
|
||||||
|
# print('GET ADMIN USER')
|
||||||
|
# pprint.pprint(kapi.get_users(username='admin'))
|
||||||
|
# print('ADD USER')
|
||||||
|
# print(kapi.add_user('pepito','Pepito','Grillo','info@info.com','añlsdkjf'))
|
||||||
|
# print('GET GROUPS')
|
||||||
|
# pprint.pprint(kapi.get_groups())
|
||||||
|
print('ADD GROUP')
|
||||||
|
pprint.pprint(kapi.add_group('pepito'))
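Review bot: The admin password `'keycloakkeycloak'` and the hostname are hard-coded in `ApiClient.__init__` and committed, while the environment lookup on the line above it (`##server=os.environ['KEYCLOAK_HOST']`) is commented out; read them from the environment the way config/dd.sh already does, `server=os.environ['KEYCLOAK_HOST']` and `'username':os.environ['KEYCLOAK_USER'], 'password':os.environ['KEYCLOAK_PASSWORD']`, so the secret is not part of the repository history and a copy of this file is not a copy of the admin credential. Several defects follow in the same file: `post` raises `keycloakUsernameEmailExists` on a 409, a name the new keycloak_client_exc module does not define (it defines only `keycloakError` and `keycloakExists`), so a duplicate user or group produces a NameError and never reaches `except keycloakExists:`; `get` ends in a bare `raise` with no active exception, which is a RuntimeError rather than a keycloak error; and `add_user` builds `"email":last`, so the `email` parameter is never sent. `KeycloakClient.__init__` also drops its `realm` argument (`self.api=ApiClient()`), and the bare `except:` blocks call `traceback.format_exc()` without using its return value, so the original error is silently lost. Finally, `kapi=KeycloakClient()` and `pprint.pprint(kapi.add_group('pepito'))` run at import time and create a group on whatever server the process can reach; move them under `if __name__ == "__main__":`.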
|
|
@ -0,0 +1,5 @@
|
||||||
|
class keycloakError(Exception):
|
||||||
|
pass
|
||||||
|
|
||||||
|
class keycloakExists(Exception):
|
||||||
|
pass
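Review bot: `keycloakExists` derives from `Exception` directly rather than from `keycloakError`, so a caller cannot catch every error this client raises with one `except keycloakError:`; `class keycloakExists(keycloakError):` would give the module a single root. Exception classes are conventionally PascalCase (`KeycloakError`, `KeycloakExists`), and a one-line docstring on each saying which HTTP outcome maps to it (the client raises the second on a 409) would make the contract visible without reading the client.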
|
13
config/dd.sh
13
config/dd.sh
|
@ -8,9 +8,18 @@ docker exec -i isard-sso-keycloak sh -c '/opt/jboss/keycloak/bin/kcadm.sh \
|
||||||
/opt/jboss/keycloak/bin/kcadm.sh \
|
/opt/jboss/keycloak/bin/kcadm.sh \
|
||||||
get realms/master' > keycloak/realm.json
|
get realms/master' > keycloak/realm.json
|
||||||
|
|
||||||
echo "Dump realm.json"
|
echo "Dump clients.json"
|
||||||
docker exec -i isard-sso-keycloak sh -c '/opt/jboss/keycloak/bin/kcadm.sh \
|
docker exec -i isard-sso-keycloak sh -c '/opt/jboss/keycloak/bin/kcadm.sh \
|
||||||
config credentials --server http://localhost:8080/auth \
|
config credentials --server http://localhost:8080/auth \
|
||||||
--realm master --user $KEYCLOAK_USER --password $KEYCLOAK_PASSWORD &> /dev/null && \
|
--realm master --user $KEYCLOAK_USER --password $KEYCLOAK_PASSWORD &> /dev/null && \
|
||||||
/opt/jboss/keycloak/bin/kcadm.sh \
|
/opt/jboss/keycloak/bin/kcadm.sh \
|
||||||
get realms/master' > keycloak/realm.json
|
get clients' > keycloak/clients.json
|
||||||
|
|
||||||
|
kcadm.sh create realms -f - << EOF
|
||||||
|
{ "realm": "demorealm", "enabled": true }
|
||||||
|
EOF
|
||||||
|
|
||||||
|
|
||||||
|
### NEW
|
||||||
|
|
||||||
|
./kcadm.sh update realms/master -f realm.json
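Review bot: The lines appended after the clients dump — `kcadm.sh create realms -f - << EOF … EOF`, `### NEW` and `./kcadm.sh update realms/master -f realm.json` — are unguarded top-level commands in a script that otherwise runs kcadm through `docker exec -i isard-sso-keycloak`; on the host there is no kcadm.sh in the current directory, so they fail, and if they were ever run where kcadm.sh resolves they would create a `demorealm` and overwrite the master realm from whatever realm.json is on disk, with no `config credentials` step for that session. If they are notes, make them comments (`# kcadm.sh create realms -f - << EOF`, …) or move them to a separate script; if they are intended, run them inside the same `docker exec … config credentials … && …` chain the dumps use. The script continues outside the hunk, so I cannot see whether `keycloak/` is excluded from version control; the realm.json and clients.json dumps may carry secrets (client secrets, realm keys), which is worth confirming before they are committed.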
|
|
@ -1 +1 @@
|
||||||
Subproject commit 174a6d3ae524f08d72056b571fd41a6975cb8cf1
|
Subproject commit 790afd2a9c70618e422b0e69ffa702f80a4ee1a6
|
|
@ -1,286 +0,0 @@
|
||||||
[ {
|
|
||||||
"id" : "a92d5417-92b6-4678-9cb9-51bc0edcee8c",
|
|
||||||
"clientId" : "https://moodle.[[DOMAIN]]/auth/saml2/sp/metadata.php",
|
|
||||||
"surrogateAuthRequired" : false,
|
|
||||||
"enabled" : true,
|
|
||||||
"alwaysDisplayInConsole" : false,
|
|
||||||
"clientAuthenticatorType" : "client-secret",
|
|
||||||
"redirectUris" : [ "https://moodle.[[DOMAIN]]/auth/saml2/sp/saml2-acs.php/moodle.[[DOMAIN]]" ],
|
|
||||||
"webOrigins" : [ "https://moodle.[[DOMAIN]]" ],
|
|
||||||
"notBefore" : 0,
|
|
||||||
"bearerOnly" : false,
|
|
||||||
"consentRequired" : false,
|
|
||||||
"standardFlowEnabled" : true,
|
|
||||||
"implicitFlowEnabled" : false,
|
|
||||||
"directAccessGrantsEnabled" : false,
|
|
||||||
"serviceAccountsEnabled" : false,
|
|
||||||
"publicClient" : false,
|
|
||||||
"frontchannelLogout" : true,
|
|
||||||
"protocol" : "saml",
|
|
||||||
"attributes" : {
|
|
||||||
"saml.force.post.binding" : "true",
|
|
||||||
"saml.encrypt" : "true",
|
|
||||||
"saml_assertion_consumer_url_post" : "https://moodle.[[DOMAIN]]/auth/saml2/sp/saml2-acs.php/moodle.[[DOMAIN]]",
|
|
||||||
"saml.server.signature" : "true",
|
|
||||||
"saml.server.signature.keyinfo.ext" : "false",
|
|
||||||
"saml.signing.certificate" : "[[SIGNING_CERTIFICATE]]",
|
|
||||||
"saml_single_logout_service_url_redirect" : "https://moodle.[[DOMAIN]]/auth/saml2/sp/saml2-logout.php/moodle.[[DOMAIN]]",
|
|
||||||
"saml.signature.algorithm" : "RSA_SHA256",
|
|
||||||
"saml_force_name_id_format" : "false",
|
|
||||||
"saml.client.signature" : "true",
|
|
||||||
"saml.encryption.certificate" : "[[ENCRYPTION_CERTIFICATE]]",
|
|
||||||
"saml.authnstatement" : "true",
|
|
||||||
"saml_name_id_format" : "username",
|
|
||||||
"saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#"
|
|
||||||
},
|
|
||||||
"authenticationFlowBindingOverrides" : { },
|
|
||||||
"fullScopeAllowed" : true,
|
|
||||||
"nodeReRegistrationTimeout" : -1,
|
|
||||||
"protocolMappers" : [ {
|
|
||||||
"id" : "9296daa3-4fc4-4b80-b007-5070f546ae13",
|
|
||||||
"name" : "X500 surname",
|
|
||||||
"protocol" : "saml",
|
|
||||||
"protocolMapper" : "saml-user-property-mapper",
|
|
||||||
"consentRequired" : false,
|
|
||||||
"config" : {
|
|
||||||
"attribute.nameformat" : "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
|
|
||||||
"user.attribute" : "lastName",
|
|
||||||
"friendly.name" : "surname",
|
|
||||||
"attribute.name" : "urn:oid:2.5.4.4"
|
|
||||||
}
|
|
||||||
}, {
|
|
||||||
"id" : "ccecf6e4-d20a-4211-b67c-40200a6b2c5d",
|
|
||||||
"name" : "username",
|
|
||||||
"protocol" : "saml",
|
|
||||||
"protocolMapper" : "saml-user-property-mapper",
|
|
||||||
"consentRequired" : false,
|
|
||||||
"config" : {
|
|
||||||
"attribute.nameformat" : "Basic",
|
|
||||||
"user.attribute" : "username",
|
|
||||||
"friendly.name" : "username",
|
|
||||||
"attribute.name" : "username"
|
|
||||||
}
|
|
||||||
}, {
|
|
||||||
"id" : "53858403-eba2-4f6d-81d0-cced700b5719",
|
|
||||||
"name" : "X500 givenName",
|
|
||||||
"protocol" : "saml",
|
|
||||||
"protocolMapper" : "saml-user-property-mapper",
|
|
||||||
"consentRequired" : false,
|
|
||||||
"config" : {
|
|
||||||
"attribute.nameformat" : "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
|
|
||||||
"user.attribute" : "firstName",
|
|
||||||
"friendly.name" : "givenName",
|
|
||||||
"attribute.name" : "urn:oid:2.5.4.42"
|
|
||||||
}
|
|
||||||
}, {
|
|
||||||
"id" : "20034db5-1d0e-4e66-b815-fb0440c6d1e2",
|
|
||||||
"name" : "X500 email",
|
|
||||||
"protocol" : "saml",
|
|
||||||
"protocolMapper" : "saml-user-property-mapper",
|
|
||||||
"consentRequired" : false,
|
|
||||||
"config" : {
|
|
||||||
"attribute.nameformat" : "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
|
|
||||||
"user.attribute" : "email",
|
|
||||||
"friendly.name" : "email",
|
|
||||||
"attribute.name" : "urn:oid:1.2.840.113549.1.9.1"
|
|
||||||
}
|
|
||||||
} ],
|
|
||||||
"defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
|
|
||||||
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
|
|
||||||
"access" : {
|
|
||||||
"view" : true,
|
|
||||||
"configure" : true,
|
|
||||||
"manage" : true
|
|
||||||
}
|
|
||||||
}, {
|
|
||||||
"id" : "bef873f0-2079-4876-8657-067de27d01b7",
|
|
||||||
"clientId" : "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/metadata",
|
|
||||||
"surrogateAuthRequired" : false,
|
|
||||||
"enabled" : true,
|
|
||||||
"alwaysDisplayInConsole" : false,
|
|
||||||
"clientAuthenticatorType" : "client-secret",
|
|
||||||
"redirectUris" : [ "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/acs" ],
|
|
||||||
"webOrigins" : [ "https://nextcloud.[[DOMAIN]]" ],
|
|
||||||
"notBefore" : 0,
|
|
||||||
"bearerOnly" : false,
|
|
||||||
"consentRequired" : false,
|
|
||||||
"standardFlowEnabled" : true,
|
|
||||||
"implicitFlowEnabled" : false,
|
|
||||||
"directAccessGrantsEnabled" : false,
|
|
||||||
"serviceAccountsEnabled" : false,
|
|
||||||
"publicClient" : false,
|
|
||||||
"frontchannelLogout" : true,
|
|
||||||
"protocol" : "saml",
|
|
||||||
"attributes" : {
|
|
||||||
"saml.assertion.signature" : "true",
|
|
||||||
"saml.force.post.binding" : "true",
|
|
||||||
"saml_assertion_consumer_url_post" : "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/acs",
|
|
||||||
"saml.server.signature" : "true",
|
|
||||||
"saml.server.signature.keyinfo.ext" : "false",
|
|
||||||
"saml.signing.certificate" : "[[SIGNING_CERTIFICATE]]",
|
|
||||||
"saml_single_logout_service_url_redirect" : "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/sls",
|
|
||||||
"saml.signature.algorithm" : "RSA_SHA256",
|
|
||||||
"saml_force_name_id_format" : "false",
|
|
||||||
"saml.client.signature" : "true",
|
|
||||||
"saml.authnstatement" : "true",
|
|
||||||
"saml_name_id_format" : "username",
|
|
||||||
"saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#"
|
|
||||||
},
|
|
||||||
"authenticationFlowBindingOverrides" : { },
|
|
||||||
"fullScopeAllowed" : true,
|
|
||||||
"nodeReRegistrationTimeout" : -1,
|
|
||||||
"protocolMappers" : [ {
|
|
||||||
"id" : "e8e4acff-da2b-46aa-8bdb-ba42171671d6",
|
|
||||||
"name" : "username",
|
|
||||||
"protocol" : "saml",
|
|
||||||
"protocolMapper" : "saml-user-attribute-mapper",
|
|
||||||
"consentRequired" : false,
|
|
||||||
"config" : {
|
|
||||||
"attribute.nameformat" : "Basic",
|
|
||||||
"user.attribute" : "username",
|
|
||||||
"friendly.name" : "username",
|
|
||||||
"attribute.name" : "username"
|
|
||||||
}
|
|
||||||
}, {
|
|
||||||
"id" : "28206b59-757b-4e3c-81cb-0b6053b1fd3d",
|
|
||||||
"name" : "email",
|
|
||||||
"protocol" : "saml",
|
|
||||||
"protocolMapper" : "saml-user-property-mapper",
|
|
||||||
"consentRequired" : false,
|
|
||||||
"config" : {
|
|
||||||
"attribute.nameformat" : "Basic",
|
|
||||||
"user.attribute" : "email",
|
|
||||||
"friendly.name" : "email",
|
|
||||||
"attribute.name" : "email"
|
|
||||||
}
|
|
||||||
}, {
|
|
||||||
"id" : "e51e04b9-f71a-42de-819e-dd9285246ada",
|
|
||||||
"name" : "Roles",
|
|
||||||
"protocol" : "saml",
|
|
||||||
"protocolMapper" : "saml-role-list-mapper",
|
|
||||||
"consentRequired" : false,
|
|
||||||
"config" : {
|
|
||||||
"single" : "true",
|
|
||||||
"attribute.nameformat" : "Basic",
|
|
||||||
"friendly.name" : "Roles",
|
|
||||||
"attribute.name" : "Roles"
|
|
||||||
}
|
|
||||||
} ],
|
|
||||||
"defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
|
|
||||||
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
|
|
||||||
"access" : {
|
|
||||||
"view" : true,
|
|
||||||
"configure" : true,
|
|
||||||
"manage" : true
|
|
||||||
}
|
|
||||||
}, {
|
|
||||||
"id" : "78a85fd1-869d-4ba4-8391-5708f7d1abe6",
|
|
||||||
"clientId" : "master-realm",
|
|
||||||
"name" : "master Realm",
|
|
||||||
"surrogateAuthRequired" : false,
|
|
||||||
"enabled" : true,
|
|
||||||
"alwaysDisplayInConsole" : false,
|
|
||||||
"clientAuthenticatorType" : "client-secret",
|
|
||||||
"redirectUris" : [ ],
|
|
||||||
"webOrigins" : [ ],
|
|
||||||
"notBefore" : 0,
|
|
||||||
"bearerOnly" : true,
|
|
||||||
"consentRequired" : false,
|
|
||||||
"standardFlowEnabled" : true,
|
|
||||||
"implicitFlowEnabled" : false,
|
|
||||||
"directAccessGrantsEnabled" : false,
|
|
||||||
"serviceAccountsEnabled" : false,
|
|
||||||
"publicClient" : false,
|
|
||||||
"frontchannelLogout" : false,
|
|
||||||
"attributes" : { },
|
|
||||||
"authenticationFlowBindingOverrides" : { },
|
|
||||||
"fullScopeAllowed" : true,
|
|
||||||
"nodeReRegistrationTimeout" : 0,
|
|
||||||
"defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
|
|
||||||
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
|
|
||||||
"access" : {
|
|
||||||
"view" : true,
|
|
||||||
"configure" : true,
|
|
||||||
"manage" : true
|
|
||||||
}
|
|
||||||
}, {
|
|
||||||
"id" : "630601f8-25d1-4822-8741-c93affd2cd84",
|
|
||||||
"clientId" : "php-saml",
|
|
||||||
"surrogateAuthRequired" : false,
|
|
||||||
"enabled" : true,
|
|
||||||
"alwaysDisplayInConsole" : false,
|
|
||||||
"clientAuthenticatorType" : "client-secret",
|
|
||||||
"redirectUris" : [ "https://wp.[[DOMAIN]]/wp-login.php?saml_acs" ],
|
|
||||||
"webOrigins" : [ "https://wp.[[DOMAIN]]" ],
|
|
||||||
"notBefore" : 0,
|
|
||||||
"bearerOnly" : false,
|
|
||||||
"consentRequired" : false,
|
|
||||||
"standardFlowEnabled" : true,
|
|
||||||
"implicitFlowEnabled" : false,
|
|
||||||
"directAccessGrantsEnabled" : false,
|
|
||||||
"serviceAccountsEnabled" : false,
|
|
||||||
"publicClient" : false,
|
|
||||||
"frontchannelLogout" : true,
|
|
||||||
"protocol" : "saml",
|
|
||||||
"attributes" : {
|
|
||||||
"saml.force.post.binding" : "true",
|
|
||||||
"saml_assertion_consumer_url_post" : "https://wp.[[DOMAIN]]/wp-login.php?saml_acs",
|
|
||||||
"saml.server.signature" : "true",
|
|
||||||
"saml.server.signature.keyinfo.ext" : "false",
|
|
||||||
"saml.signing.certificate" : "[[SIGNING_CERTIFICATE]]",
|
|
||||||
"saml_single_logout_service_url_redirect" : "https://wp.[[DOMAIN]]/wp-login.php?saml_sls",
|
|
||||||
"saml.signature.algorithm" : "RSA_SHA256",
|
|
||||||
"saml_force_name_id_format" : "false",
|
|
||||||
"saml.client.signature" : "true",
|
|
||||||
"saml.authnstatement" : "true",
|
|
||||||
"saml_name_id_format" : "username",
|
|
||||||
"saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#"
|
|
||||||
},
|
|
||||||
"authenticationFlowBindingOverrides" : { },
|
|
||||||
"fullScopeAllowed" : true,
|
|
||||||
"nodeReRegistrationTimeout" : -1,
|
|
||||||
"protocolMappers" : [ {
|
|
||||||
"id" : "72c6175e-bd07-4c27-abd6-4e4ae38d834b",
|
|
||||||
"name" : "username",
|
|
||||||
"protocol" : "saml",
|
|
||||||
"protocolMapper" : "saml-user-attribute-mapper",
|
|
||||||
"consentRequired" : false,
|
|
||||||
"config" : {
|
|
||||||
"attribute.nameformat" : "Basic",
|
|
||||||
"user.attribute" : "username",
|
|
||||||
"friendly.name" : "username",
|
|
||||||
"attribute.name" : "username"
|
|
||||||
}
|
|
||||||
}, {
|
|
||||||
"id" : "abd6562f-4732-4da9-987f-b1a6ad6605fa",
|
|
||||||
"name" : "roles",
|
|
||||||
"protocol" : "saml",
|
|
||||||
"protocolMapper" : "saml-role-list-mapper",
|
|
||||||
"consentRequired" : false,
|
|
||||||
"config" : {
|
|
||||||
"single" : "true",
|
|
||||||
"attribute.nameformat" : "Basic",
|
|
||||||
"friendly.name" : "Roles",
|
|
||||||
"attribute.name" : "Role"
|
|
||||||
}
|
|
||||||
}, {
|
|
||||||
"id" : "50aafb71-d91c-4bc7-bb60-e1ae0222aab3",
|
|
||||||
"name" : "email",
|
|
||||||
"protocol" : "saml",
|
|
||||||
"protocolMapper" : "saml-user-property-mapper",
|
|
||||||
"consentRequired" : false,
|
|
||||||
"config" : {
|
|
||||||
"attribute.nameformat" : "Basic",
|
|
||||||
"user.attribute" : "email",
|
|
||||||
"friendly.name" : "email",
|
|
||||||
"attribute.name" : "email"
|
|
||||||
}
|
|
||||||
} ],
|
|
||||||
"defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
|
|
||||||
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
|
|
||||||
"access" : {
|
|
||||||
"view" : true,
|
|
||||||
"configure" : true,
|
|
||||||
"manage" : true
|
|
||||||
}
|
|
||||||
} ]
|
|
|
@ -0,0 +1,95 @@
|
||||||
|
{
|
||||||
|
"id" : "a92d5417-92b6-4678-9cb9-51bc0edcee8c",
|
||||||
|
"clientId" : "https://moodle.[[DOMAIN]]/auth/saml2/sp/metadata.php",
|
||||||
|
"surrogateAuthRequired" : false,
|
||||||
|
"enabled" : true,
|
||||||
|
"alwaysDisplayInConsole" : false,
|
||||||
|
"clientAuthenticatorType" : "client-secret",
|
||||||
|
"redirectUris" : [ "https://moodle.[[DOMAIN]]/auth/saml2/sp/saml2-acs.php/moodle.[[DOMAIN]]" ],
|
||||||
|
"webOrigins" : [ "https://moodle.[[DOMAIN]]" ],
|
||||||
|
"notBefore" : 0,
|
||||||
|
"bearerOnly" : false,
|
||||||
|
"consentRequired" : false,
|
||||||
|
"standardFlowEnabled" : true,
|
||||||
|
"implicitFlowEnabled" : false,
|
||||||
|
"directAccessGrantsEnabled" : false,
|
||||||
|
"serviceAccountsEnabled" : false,
|
||||||
|
"publicClient" : false,
|
||||||
|
"frontchannelLogout" : true,
|
||||||
|
"protocol" : "saml",
|
||||||
|
"attributes" : {
|
||||||
|
"saml.force.post.binding" : "true",
|
||||||
|
"saml.encrypt" : "true",
|
||||||
|
"saml_assertion_consumer_url_post" : "https://moodle.[[DOMAIN]]/auth/saml2/sp/saml2-acs.php/moodle.[[DOMAIN]]",
|
||||||
|
"saml.server.signature" : "true",
|
||||||
|
"saml.server.signature.keyinfo.ext" : "false",
|
||||||
|
"saml.signing.certificate" : "[[SIGNING_CERTIFICATE]]",
|
||||||
|
"saml_single_logout_service_url_redirect" : "https://moodle.[[DOMAIN]]/auth/saml2/sp/saml2-logout.php/moodle.[[DOMAIN]]",
|
||||||
|
"saml.signature.algorithm" : "RSA_SHA256",
|
||||||
|
"saml_force_name_id_format" : "false",
|
||||||
|
"saml.client.signature" : "true",
|
||||||
|
"saml.encryption.certificate" : "[[ENCRYPTION_CERTIFICATE]]",
|
||||||
|
"saml.authnstatement" : "true",
|
||||||
|
"saml_name_id_format" : "username",
|
||||||
|
"saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#"
|
||||||
|
},
|
||||||
|
"authenticationFlowBindingOverrides" : { },
|
||||||
|
"fullScopeAllowed" : true,
|
||||||
|
"nodeReRegistrationTimeout" : -1,
|
||||||
|
"protocolMappers" : [ {
|
||||||
|
"id" : "9296daa3-4fc4-4b80-b007-5070f546ae13",
|
||||||
|
"name" : "X500 surname",
|
||||||
|
"protocol" : "saml",
|
||||||
|
"protocolMapper" : "saml-user-property-mapper",
|
||||||
|
"consentRequired" : false,
|
||||||
|
"config" : {
|
||||||
|
"attribute.nameformat" : "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
|
||||||
|
"user.attribute" : "lastName",
|
||||||
|
"friendly.name" : "surname",
|
||||||
|
"attribute.name" : "urn:oid:2.5.4.4"
|
||||||
|
}
|
||||||
|
}, {
|
||||||
|
"id" : "ccecf6e4-d20a-4211-b67c-40200a6b2c5d",
|
||||||
|
"name" : "username",
|
||||||
|
"protocol" : "saml",
|
||||||
|
"protocolMapper" : "saml-user-property-mapper",
|
||||||
|
"consentRequired" : false,
|
||||||
|
"config" : {
|
||||||
|
"attribute.nameformat" : "Basic",
|
||||||
|
"user.attribute" : "username",
|
||||||
|
"friendly.name" : "username",
|
||||||
|
"attribute.name" : "username"
|
||||||
|
}
|
||||||
|
}, {
|
||||||
|
"id" : "53858403-eba2-4f6d-81d0-cced700b5719",
|
||||||
|
"name" : "X500 givenName",
|
||||||
|
"protocol" : "saml",
|
||||||
|
"protocolMapper" : "saml-user-property-mapper",
|
||||||
|
"consentRequired" : false,
|
||||||
|
"config" : {
|
||||||
|
"attribute.nameformat" : "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
|
||||||
|
"user.attribute" : "firstName",
|
||||||
|
"friendly.name" : "givenName",
|
||||||
|
"attribute.name" : "urn:oid:2.5.4.42"
|
||||||
|
}
|
||||||
|
}, {
|
||||||
|
"id" : "20034db5-1d0e-4e66-b815-fb0440c6d1e2",
|
||||||
|
"name" : "X500 email",
|
||||||
|
"protocol" : "saml",
|
||||||
|
"protocolMapper" : "saml-user-property-mapper",
|
||||||
|
"consentRequired" : false,
|
||||||
|
"config" : {
|
||||||
|
"attribute.nameformat" : "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
|
||||||
|
"user.attribute" : "email",
|
||||||
|
"friendly.name" : "email",
|
||||||
|
"attribute.name" : "urn:oid:1.2.840.113549.1.9.1"
|
||||||
|
}
|
||||||
|
} ],
|
||||||
|
"defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
|
||||||
|
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
|
||||||
|
"access" : {
|
||||||
|
"view" : true,
|
||||||
|
"configure" : true,
|
||||||
|
"manage" : true
|
||||||
|
}
|
||||||
|
}
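Review bot: The file is a template (`[[DOMAIN]]`, `[[SIGNING_CERTIFICATE]]`, `[[ENCRYPTION_CERTIFICATE]]`), but nothing in this commit says which step substitutes the placeholders or what form the certificate values must take, and JSON cannot carry that as a comment; a short note in config/dd.sh or a README beside these files naming the substitution step and the expected certificate encoding would save the next maintainer a failed import. The `"id"` and protocol-mapper ids are copied verbatim from the deleted clients.json; whether an import into a realm that already holds those ids conflicts or updates in place depends on the import path, which is not visible here and should be confirmed.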
|
|
@ -0,0 +1,82 @@
|
||||||
|
, {
|
||||||
|
"id" : "bef873f0-2079-4876-8657-067de27d01b7",
|
||||||
|
"clientId" : "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/metadata",
|
||||||
|
"surrogateAuthRequired" : false,
|
||||||
|
"enabled" : true,
|
||||||
|
"alwaysDisplayInConsole" : false,
|
||||||
|
"clientAuthenticatorType" : "client-secret",
|
||||||
|
"redirectUris" : [ "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/acs" ],
|
||||||
|
"webOrigins" : [ "https://nextcloud.[[DOMAIN]]" ],
|
||||||
|
"notBefore" : 0,
|
||||||
|
"bearerOnly" : false,
|
||||||
|
"consentRequired" : false,
|
||||||
|
"standardFlowEnabled" : true,
|
||||||
|
"implicitFlowEnabled" : false,
|
||||||
|
"directAccessGrantsEnabled" : false,
|
||||||
|
"serviceAccountsEnabled" : false,
|
||||||
|
"publicClient" : false,
|
||||||
|
"frontchannelLogout" : true,
|
||||||
|
"protocol" : "saml",
|
||||||
|
"attributes" : {
|
||||||
|
"saml.assertion.signature" : "true",
|
||||||
|
"saml.force.post.binding" : "true",
|
||||||
|
"saml_assertion_consumer_url_post" : "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/acs",
|
||||||
|
"saml.server.signature" : "true",
|
||||||
|
"saml.server.signature.keyinfo.ext" : "false",
|
||||||
|
"saml.signing.certificate" : "[[SIGNING_CERTIFICATE]]",
|
||||||
|
"saml_single_logout_service_url_redirect" : "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/sls",
|
||||||
|
"saml.signature.algorithm" : "RSA_SHA256",
|
||||||
|
"saml_force_name_id_format" : "false",
|
||||||
|
"saml.client.signature" : "true",
|
||||||
|
"saml.authnstatement" : "true",
|
||||||
|
"saml_name_id_format" : "username",
|
||||||
|
"saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#"
|
||||||
|
},
|
||||||
|
"authenticationFlowBindingOverrides" : { },
|
||||||
|
"fullScopeAllowed" : true,
|
||||||
|
"nodeReRegistrationTimeout" : -1,
|
||||||
|
"protocolMappers" : [ {
|
||||||
|
"id" : "e8e4acff-da2b-46aa-8bdb-ba42171671d6",
|
||||||
|
"name" : "username",
|
||||||
|
"protocol" : "saml",
|
||||||
|
"protocolMapper" : "saml-user-attribute-mapper",
|
||||||
|
"consentRequired" : false,
|
||||||
|
"config" : {
|
||||||
|
"attribute.nameformat" : "Basic",
|
||||||
|
"user.attribute" : "username",
|
||||||
|
"friendly.name" : "username",
|
||||||
|
"attribute.name" : "username"
|
||||||
|
}
|
||||||
|
}, {
|
||||||
|
"id" : "28206b59-757b-4e3c-81cb-0b6053b1fd3d",
|
||||||
|
"name" : "email",
|
||||||
|
"protocol" : "saml",
|
||||||
|
"protocolMapper" : "saml-user-property-mapper",
|
||||||
|
"consentRequired" : false,
|
||||||
|
"config" : {
|
||||||
|
"attribute.nameformat" : "Basic",
|
||||||
|
"user.attribute" : "email",
|
||||||
|
"friendly.name" : "email",
|
||||||
|
"attribute.name" : "email"
|
||||||
|
}
|
||||||
|
}, {
|
||||||
|
"id" : "e51e04b9-f71a-42de-819e-dd9285246ada",
|
||||||
|
"name" : "Roles",
|
||||||
|
"protocol" : "saml",
|
||||||
|
"protocolMapper" : "saml-role-list-mapper",
|
||||||
|
"consentRequired" : false,
|
||||||
|
"config" : {
|
||||||
|
"single" : "true",
|
||||||
|
"attribute.nameformat" : "Basic",
|
||||||
|
"friendly.name" : "Roles",
|
||||||
|
"attribute.name" : "Roles"
|
||||||
|
}
|
||||||
|
} ],
|
||||||
|
"defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
|
||||||
|
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
|
||||||
|
"access" : {
|
||||||
|
"view" : true,
|
||||||
|
"configure" : true,
|
||||||
|
"manage" : true
|
||||||
|
}
|
||||||
|
}
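Review bot: The file begins with `, {` and ends with `}`, so it is not valid JSON on its own and is evidently meant to be concatenated after another client object, yet the php-saml fragment in the same commit begins with a bare `{`; whatever assembles these into the array that the deleted clients.json was cannot treat the three files uniformly. Either give every fragment the same shape (each a bare object, with the assembler adding the commas and the enclosing brackets) or keep a single clients.json, and document the assembly step next to the files. As it stands `json.load` on this file fails at the first character, so any loader that reads the fragments individually will break on this one only.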
|
|
@ -0,0 +1,81 @@
|
||||||
|
{
|
||||||
|
"id" : "630601f8-25d1-4822-8741-c93affd2cd84",
|
||||||
|
"clientId" : "php-saml",
|
||||||
|
"surrogateAuthRequired" : false,
|
||||||
|
"enabled" : true,
|
||||||
|
"alwaysDisplayInConsole" : false,
|
||||||
|
"clientAuthenticatorType" : "client-secret",
|
||||||
|
"redirectUris" : [ "https://wp.[[DOMAIN]]/wp-login.php?saml_acs" ],
|
||||||
|
"webOrigins" : [ "https://wp.[[DOMAIN]]" ],
|
||||||
|
"notBefore" : 0,
|
||||||
|
"bearerOnly" : false,
|
||||||
|
"consentRequired" : false,
|
||||||
|
"standardFlowEnabled" : true,
|
||||||
|
"implicitFlowEnabled" : false,
|
||||||
|
"directAccessGrantsEnabled" : false,
|
||||||
|
"serviceAccountsEnabled" : false,
|
||||||
|
"publicClient" : false,
|
||||||
|
"frontchannelLogout" : true,
|
||||||
|
"protocol" : "saml",
|
||||||
|
"attributes" : {
|
||||||
|
"saml.force.post.binding" : "true",
|
||||||
|
"saml_assertion_consumer_url_post" : "https://wp.[[DOMAIN]]/wp-login.php?saml_acs",
|
||||||
|
"saml.server.signature" : "true",
|
||||||
|
"saml.server.signature.keyinfo.ext" : "false",
|
||||||
|
"saml.signing.certificate" : "[[SIGNING_CERTIFICATE]]",
|
||||||
|
"saml_single_logout_service_url_redirect" : "https://wp.[[DOMAIN]]/wp-login.php?saml_sls",
|
||||||
|
"saml.signature.algorithm" : "RSA_SHA256",
|
||||||
|
"saml_force_name_id_format" : "false",
|
||||||
|
"saml.client.signature" : "true",
|
||||||
|
"saml.authnstatement" : "true",
|
||||||
|
"saml_name_id_format" : "username",
|
||||||
|
"saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#"
|
||||||
|
},
|
||||||
|
"authenticationFlowBindingOverrides" : { },
|
||||||
|
"fullScopeAllowed" : true,
|
||||||
|
"nodeReRegistrationTimeout" : -1,
|
||||||
|
"protocolMappers" : [ {
|
||||||
|
"id" : "72c6175e-bd07-4c27-abd6-4e4ae38d834b",
|
||||||
|
"name" : "username",
|
||||||
|
"protocol" : "saml",
|
||||||
|
"protocolMapper" : "saml-user-attribute-mapper",
|
||||||
|
"consentRequired" : false,
|
||||||
|
"config" : {
|
||||||
|
"attribute.nameformat" : "Basic",
|
||||||
|
"user.attribute" : "username",
|
||||||
|
"friendly.name" : "username",
|
||||||
|
"attribute.name" : "username"
|
||||||
|
}
|
||||||
|
}, {
|
||||||
|
"id" : "abd6562f-4732-4da9-987f-b1a6ad6605fa",
|
||||||
|
"name" : "roles",
|
||||||
|
"protocol" : "saml",
|
||||||
|
"protocolMapper" : "saml-role-list-mapper",
|
||||||
|
"consentRequired" : false,
|
||||||
|
"config" : {
|
||||||
|
"single" : "true",
|
||||||
|
"attribute.nameformat" : "Basic",
|
||||||
|
"friendly.name" : "Roles",
|
||||||
|
"attribute.name" : "Role"
|
||||||
|
}
|
||||||
|
}, {
|
||||||
|
"id" : "50aafb71-d91c-4bc7-bb60-e1ae0222aab3",
|
||||||
|
"name" : "email",
|
||||||
|
"protocol" : "saml",
|
||||||
|
"protocolMapper" : "saml-user-property-mapper",
|
||||||
|
"consentRequired" : false,
|
||||||
|
"config" : {
|
||||||
|
"attribute.nameformat" : "Basic",
|
||||||
|
"user.attribute" : "email",
|
||||||
|
"friendly.name" : "email",
|
||||||
|
"attribute.name" : "email"
|
||||||
|
}
|
||||||
|
} ],
|
||||||
|
"defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
|
||||||
|
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
|
||||||
|
"access" : {
|
||||||
|
"view" : true,
|
||||||
|
"configure" : true,
|
||||||
|
"manage" : true
|
||||||
|
}
|
||||||
|
}
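Review bot: Unlike the nextcloud client, this client does not set `"saml.assertion.signature" : "true"`, so with `"saml.server.signature" : "true"` only the enclosing SAML response is signed and the assertion inside it is not; whether the WordPress SAML plugin verifies the response signature or expects a signed assertion should be confirmed, and enabling both is the conservative setting. The role mapper also sends `"attribute.name" : "Role"` while its `"friendly.name"` and the nextcloud client's mapper use `"Roles"`; if the plugin is configured for the `Role` attribute this is intentional, otherwise it is a typo, and either way a matching friendly name avoids the next reader wondering which is right.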
|