added keycloak python lib

root 2021-05-21 18:44:25 +02:00
parent 9f3952dc86
commit 6138e9c65b
10 changed files with 378 additions and 289 deletions

View File

@ -1,3 +1,4 @@
python-keycloak==0.24.0
bcrypt==3.1.7 bcrypt==3.1.7
cffi==1.14.0 cffi==1.14.0
click==7.1.2 click==7.1.2

View File

@ -0,0 +1,102 @@
import os,time,requests,json,getpass,pprint
import traceback
from keycloak_client_exc import *
class ApiClient():
def __init__(self,realm='master'):
##server=os.environ['KEYCLOAK_HOST']
server='isard-sso-keycloak'
self.base_url="http://"+server+":8080/auth/realms/"+realm
self.headers={"Content-Type": "application/x-www-form-urlencoded"}
self.payload={'username':'admin',
'password':'keycloakkeycloak',
'grant_type':'password',
'client_id':'admin-cli'}
self.token=self.get_token()
self.admin_url="http://"+server+":8080/auth/admin/realms/"+realm
# /admin/realms/${KEYCLOAK_REALM}/users/${$USER_ID}"
self.admin_headers={"Accept": "application/json",
"Authorization": "Bearer "+self.token}
def get_token(self):
path="/protocol/openid-connect/token"
resp = requests.post(self.base_url+path, data=self.payload, headers=self.headers)
if resp.status_code == 200: return json.loads(resp.text)['access_token']
print(" URL: "+self.base_url+path)
print("STATUS CODE: "+str(resp.status_code))
print(" RESPONSE: "+resp.text)
exit(1)
def get(self,path,status_code=200,data={},params={}):
resp = requests.get(self.admin_url+path, data=data, params=params, headers=self.admin_headers)
if resp.status_code == status_code: return json.loads(resp.text)
print(" URL: "+self.admin_url+path)
print("STATUS CODE: "+str(resp.status_code))
print(" RESPONSE: "+resp.text)
raise
def post(self,path,status_code=200,data={},params={},json={}):
resp = requests.post(self.admin_url+path, data=data, params=params, json=json, headers=self.admin_headers)
#if resp.status_code == status_code: return True
print(" URL: "+self.admin_url+path)
print("STATUS CODE: "+str(resp.status_code))
print(" RESPONSE: "+resp.text)
if resp.status_code == 409: raise keycloakUsernameEmailExists
raise keycloakError
class KeycloakClient():
def __init__(self,realm='master'):
## REFERENCE: https://www.keycloak.org/docs-api/13.0/rest-api/index.html
self.api=ApiClient()
def get_users(self,username=False,exact=True):
path='/users'
if not username: return self.api.get(path)
return self.api.get(path,params={"username":username,'exact':exact})
def add_user(self,username,first,last,email,password):
user={"firstName":first,
"lastName":last,
"email":last,
"enabled":"true",
"username":username,
"credentials":[{"type":"password",
"value":password,
"temporary":False}]}
try:
self.api.post('/users',status_code=201,json=user)
return True
except keycloakExists:
print('Username or email already exists')
except:
traceback.format_exc()
return False
def get_groups(self,name=False):
path='/groups'
if not name: return self.api.get(path)
return self.api.get(path,params={"name":name})
def add_group(self,name,subgroups=False):
group={"name":name}
try:
self.api.post('/groups',status_code=201,json=group)
return True
except keycloakExists:
print('Group name already exists')
except:
traceback.format_exc()
return False
kapi=KeycloakClient()
# print('GET USERS')
# pprint.pprint(kapi.get_users())
# print('GET ADMIN USER')
# pprint.pprint(kapi.get_users(username='admin'))
# print('ADD USER')
# print(kapi.add_user('pepito','Pepito','Grillo','info@info.com','añlsdkjf'))
# print('GET GROUPS')
# pprint.pprint(kapi.get_groups())
print('ADD GROUP')
pprint.pprint(kapi.add_group('pepito'))

View File

@ -0,0 +1,5 @@
class keycloakError(Exception):
pass
class keycloakExists(Exception):
pass

View File

@ -8,9 +8,18 @@ docker exec -i isard-sso-keycloak sh -c '/opt/jboss/keycloak/bin/kcadm.sh \
/opt/jboss/keycloak/bin/kcadm.sh \ /opt/jboss/keycloak/bin/kcadm.sh \
get realms/master' > keycloak/realm.json get realms/master' > keycloak/realm.json
echo "Dump realm.json" echo "Dump clients.json"
docker exec -i isard-sso-keycloak sh -c '/opt/jboss/keycloak/bin/kcadm.sh \ docker exec -i isard-sso-keycloak sh -c '/opt/jboss/keycloak/bin/kcadm.sh \
config credentials --server http://localhost:8080/auth \ config credentials --server http://localhost:8080/auth \
--realm master --user $KEYCLOAK_USER --password $KEYCLOAK_PASSWORD &> /dev/null && \ --realm master --user $KEYCLOAK_USER --password $KEYCLOAK_PASSWORD &> /dev/null && \
/opt/jboss/keycloak/bin/kcadm.sh \ /opt/jboss/keycloak/bin/kcadm.sh \
get realms/master' > keycloak/realm.json get clients' > keycloak/clients.json
kcadm.sh create realms -f - << EOF
{ "realm": "demorealm", "enabled": true }
EOF
### NEW
./kcadm.sh update realms/master -f realm.json

@ -1 +1 @@
Subproject commit 174a6d3ae524f08d72056b571fd41a6975cb8cf1 Subproject commit 790afd2a9c70618e422b0e69ffa702f80a4ee1a6

View File

@ -1,286 +0,0 @@
[ {
"id" : "a92d5417-92b6-4678-9cb9-51bc0edcee8c",
"clientId" : "https://moodle.[[DOMAIN]]/auth/saml2/sp/metadata.php",
"surrogateAuthRequired" : false,
"enabled" : true,
"alwaysDisplayInConsole" : false,
"clientAuthenticatorType" : "client-secret",
"redirectUris" : [ "https://moodle.[[DOMAIN]]/auth/saml2/sp/saml2-acs.php/moodle.[[DOMAIN]]" ],
"webOrigins" : [ "https://moodle.[[DOMAIN]]" ],
"notBefore" : 0,
"bearerOnly" : false,
"consentRequired" : false,
"standardFlowEnabled" : true,
"implicitFlowEnabled" : false,
"directAccessGrantsEnabled" : false,
"serviceAccountsEnabled" : false,
"publicClient" : false,
"frontchannelLogout" : true,
"protocol" : "saml",
"attributes" : {
"saml.force.post.binding" : "true",
"saml.encrypt" : "true",
"saml_assertion_consumer_url_post" : "https://moodle.[[DOMAIN]]/auth/saml2/sp/saml2-acs.php/moodle.[[DOMAIN]]",
"saml.server.signature" : "true",
"saml.server.signature.keyinfo.ext" : "false",
"saml.signing.certificate" : "[[SIGNING_CERTIFICATE]]",
"saml_single_logout_service_url_redirect" : "https://moodle.[[DOMAIN]]/auth/saml2/sp/saml2-logout.php/moodle.[[DOMAIN]]",
"saml.signature.algorithm" : "RSA_SHA256",
"saml_force_name_id_format" : "false",
"saml.client.signature" : "true",
"saml.encryption.certificate" : "[[ENCRYPTION_CERTIFICATE]]",
"saml.authnstatement" : "true",
"saml_name_id_format" : "username",
"saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#"
},
"authenticationFlowBindingOverrides" : { },
"fullScopeAllowed" : true,
"nodeReRegistrationTimeout" : -1,
"protocolMappers" : [ {
"id" : "9296daa3-4fc4-4b80-b007-5070f546ae13",
"name" : "X500 surname",
"protocol" : "saml",
"protocolMapper" : "saml-user-property-mapper",
"consentRequired" : false,
"config" : {
"attribute.nameformat" : "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
"user.attribute" : "lastName",
"friendly.name" : "surname",
"attribute.name" : "urn:oid:2.5.4.4"
}
}, {
"id" : "ccecf6e4-d20a-4211-b67c-40200a6b2c5d",
"name" : "username",
"protocol" : "saml",
"protocolMapper" : "saml-user-property-mapper",
"consentRequired" : false,
"config" : {
"attribute.nameformat" : "Basic",
"user.attribute" : "username",
"friendly.name" : "username",
"attribute.name" : "username"
}
}, {
"id" : "53858403-eba2-4f6d-81d0-cced700b5719",
"name" : "X500 givenName",
"protocol" : "saml",
"protocolMapper" : "saml-user-property-mapper",
"consentRequired" : false,
"config" : {
"attribute.nameformat" : "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
"user.attribute" : "firstName",
"friendly.name" : "givenName",
"attribute.name" : "urn:oid:2.5.4.42"
}
}, {
"id" : "20034db5-1d0e-4e66-b815-fb0440c6d1e2",
"name" : "X500 email",
"protocol" : "saml",
"protocolMapper" : "saml-user-property-mapper",
"consentRequired" : false,
"config" : {
"attribute.nameformat" : "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
"user.attribute" : "email",
"friendly.name" : "email",
"attribute.name" : "urn:oid:1.2.840.113549.1.9.1"
}
} ],
"defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
"access" : {
"view" : true,
"configure" : true,
"manage" : true
}
}, {
"id" : "bef873f0-2079-4876-8657-067de27d01b7",
"clientId" : "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/metadata",
"surrogateAuthRequired" : false,
"enabled" : true,
"alwaysDisplayInConsole" : false,
"clientAuthenticatorType" : "client-secret",
"redirectUris" : [ "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/acs" ],
"webOrigins" : [ "https://nextcloud.[[DOMAIN]]" ],
"notBefore" : 0,
"bearerOnly" : false,
"consentRequired" : false,
"standardFlowEnabled" : true,
"implicitFlowEnabled" : false,
"directAccessGrantsEnabled" : false,
"serviceAccountsEnabled" : false,
"publicClient" : false,
"frontchannelLogout" : true,
"protocol" : "saml",
"attributes" : {
"saml.assertion.signature" : "true",
"saml.force.post.binding" : "true",
"saml_assertion_consumer_url_post" : "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/acs",
"saml.server.signature" : "true",
"saml.server.signature.keyinfo.ext" : "false",
"saml.signing.certificate" : "[[SIGNING_CERTIFICATE]]",
"saml_single_logout_service_url_redirect" : "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/sls",
"saml.signature.algorithm" : "RSA_SHA256",
"saml_force_name_id_format" : "false",
"saml.client.signature" : "true",
"saml.authnstatement" : "true",
"saml_name_id_format" : "username",
"saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#"
},
"authenticationFlowBindingOverrides" : { },
"fullScopeAllowed" : true,
"nodeReRegistrationTimeout" : -1,
"protocolMappers" : [ {
"id" : "e8e4acff-da2b-46aa-8bdb-ba42171671d6",
"name" : "username",
"protocol" : "saml",
"protocolMapper" : "saml-user-attribute-mapper",
"consentRequired" : false,
"config" : {
"attribute.nameformat" : "Basic",
"user.attribute" : "username",
"friendly.name" : "username",
"attribute.name" : "username"
}
}, {
"id" : "28206b59-757b-4e3c-81cb-0b6053b1fd3d",
"name" : "email",
"protocol" : "saml",
"protocolMapper" : "saml-user-property-mapper",
"consentRequired" : false,
"config" : {
"attribute.nameformat" : "Basic",
"user.attribute" : "email",
"friendly.name" : "email",
"attribute.name" : "email"
}
}, {
"id" : "e51e04b9-f71a-42de-819e-dd9285246ada",
"name" : "Roles",
"protocol" : "saml",
"protocolMapper" : "saml-role-list-mapper",
"consentRequired" : false,
"config" : {
"single" : "true",
"attribute.nameformat" : "Basic",
"friendly.name" : "Roles",
"attribute.name" : "Roles"
}
} ],
"defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
"access" : {
"view" : true,
"configure" : true,
"manage" : true
}
}, {
"id" : "78a85fd1-869d-4ba4-8391-5708f7d1abe6",
"clientId" : "master-realm",
"name" : "master Realm",
"surrogateAuthRequired" : false,
"enabled" : true,
"alwaysDisplayInConsole" : false,
"clientAuthenticatorType" : "client-secret",
"redirectUris" : [ ],
"webOrigins" : [ ],
"notBefore" : 0,
"bearerOnly" : true,
"consentRequired" : false,
"standardFlowEnabled" : true,
"implicitFlowEnabled" : false,
"directAccessGrantsEnabled" : false,
"serviceAccountsEnabled" : false,
"publicClient" : false,
"frontchannelLogout" : false,
"attributes" : { },
"authenticationFlowBindingOverrides" : { },
"fullScopeAllowed" : true,
"nodeReRegistrationTimeout" : 0,
"defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
"access" : {
"view" : true,
"configure" : true,
"manage" : true
}
}, {
"id" : "630601f8-25d1-4822-8741-c93affd2cd84",
"clientId" : "php-saml",
"surrogateAuthRequired" : false,
"enabled" : true,
"alwaysDisplayInConsole" : false,
"clientAuthenticatorType" : "client-secret",
"redirectUris" : [ "https://wp.[[DOMAIN]]/wp-login.php?saml_acs" ],
"webOrigins" : [ "https://wp.[[DOMAIN]]" ],
"notBefore" : 0,
"bearerOnly" : false,
"consentRequired" : false,
"standardFlowEnabled" : true,
"implicitFlowEnabled" : false,
"directAccessGrantsEnabled" : false,
"serviceAccountsEnabled" : false,
"publicClient" : false,
"frontchannelLogout" : true,
"protocol" : "saml",
"attributes" : {
"saml.force.post.binding" : "true",
"saml_assertion_consumer_url_post" : "https://wp.[[DOMAIN]]/wp-login.php?saml_acs",
"saml.server.signature" : "true",
"saml.server.signature.keyinfo.ext" : "false",
"saml.signing.certificate" : "[[SIGNING_CERTIFICATE]]",
"saml_single_logout_service_url_redirect" : "https://wp.[[DOMAIN]]/wp-login.php?saml_sls",
"saml.signature.algorithm" : "RSA_SHA256",
"saml_force_name_id_format" : "false",
"saml.client.signature" : "true",
"saml.authnstatement" : "true",
"saml_name_id_format" : "username",
"saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#"
},
"authenticationFlowBindingOverrides" : { },
"fullScopeAllowed" : true,
"nodeReRegistrationTimeout" : -1,
"protocolMappers" : [ {
"id" : "72c6175e-bd07-4c27-abd6-4e4ae38d834b",
"name" : "username",
"protocol" : "saml",
"protocolMapper" : "saml-user-attribute-mapper",
"consentRequired" : false,
"config" : {
"attribute.nameformat" : "Basic",
"user.attribute" : "username",
"friendly.name" : "username",
"attribute.name" : "username"
}
}, {
"id" : "abd6562f-4732-4da9-987f-b1a6ad6605fa",
"name" : "roles",
"protocol" : "saml",
"protocolMapper" : "saml-role-list-mapper",
"consentRequired" : false,
"config" : {
"single" : "true",
"attribute.nameformat" : "Basic",
"friendly.name" : "Roles",
"attribute.name" : "Role"
}
}, {
"id" : "50aafb71-d91c-4bc7-bb60-e1ae0222aab3",
"name" : "email",
"protocol" : "saml",
"protocolMapper" : "saml-user-property-mapper",
"consentRequired" : false,
"config" : {
"attribute.nameformat" : "Basic",
"user.attribute" : "email",
"friendly.name" : "email",
"attribute.name" : "email"
}
} ],
"defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
"access" : {
"view" : true,
"configure" : true,
"manage" : true
}
} ]

View File

@ -0,0 +1,95 @@
{
"id" : "a92d5417-92b6-4678-9cb9-51bc0edcee8c",
"clientId" : "https://moodle.[[DOMAIN]]/auth/saml2/sp/metadata.php",
"surrogateAuthRequired" : false,
"enabled" : true,
"alwaysDisplayInConsole" : false,
"clientAuthenticatorType" : "client-secret",
"redirectUris" : [ "https://moodle.[[DOMAIN]]/auth/saml2/sp/saml2-acs.php/moodle.[[DOMAIN]]" ],
"webOrigins" : [ "https://moodle.[[DOMAIN]]" ],
"notBefore" : 0,
"bearerOnly" : false,
"consentRequired" : false,
"standardFlowEnabled" : true,
"implicitFlowEnabled" : false,
"directAccessGrantsEnabled" : false,
"serviceAccountsEnabled" : false,
"publicClient" : false,
"frontchannelLogout" : true,
"protocol" : "saml",
"attributes" : {
"saml.force.post.binding" : "true",
"saml.encrypt" : "true",
"saml_assertion_consumer_url_post" : "https://moodle.[[DOMAIN]]/auth/saml2/sp/saml2-acs.php/moodle.[[DOMAIN]]",
"saml.server.signature" : "true",
"saml.server.signature.keyinfo.ext" : "false",
"saml.signing.certificate" : "[[SIGNING_CERTIFICATE]]",
"saml_single_logout_service_url_redirect" : "https://moodle.[[DOMAIN]]/auth/saml2/sp/saml2-logout.php/moodle.[[DOMAIN]]",
"saml.signature.algorithm" : "RSA_SHA256",
"saml_force_name_id_format" : "false",
"saml.client.signature" : "true",
"saml.encryption.certificate" : "[[ENCRYPTION_CERTIFICATE]]",
"saml.authnstatement" : "true",
"saml_name_id_format" : "username",
"saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#"
},
"authenticationFlowBindingOverrides" : { },
"fullScopeAllowed" : true,
"nodeReRegistrationTimeout" : -1,
"protocolMappers" : [ {
"id" : "9296daa3-4fc4-4b80-b007-5070f546ae13",
"name" : "X500 surname",
"protocol" : "saml",
"protocolMapper" : "saml-user-property-mapper",
"consentRequired" : false,
"config" : {
"attribute.nameformat" : "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
"user.attribute" : "lastName",
"friendly.name" : "surname",
"attribute.name" : "urn:oid:2.5.4.4"
}
}, {
"id" : "ccecf6e4-d20a-4211-b67c-40200a6b2c5d",
"name" : "username",
"protocol" : "saml",
"protocolMapper" : "saml-user-property-mapper",
"consentRequired" : false,
"config" : {
"attribute.nameformat" : "Basic",
"user.attribute" : "username",
"friendly.name" : "username",
"attribute.name" : "username"
}
}, {
"id" : "53858403-eba2-4f6d-81d0-cced700b5719",
"name" : "X500 givenName",
"protocol" : "saml",
"protocolMapper" : "saml-user-property-mapper",
"consentRequired" : false,
"config" : {
"attribute.nameformat" : "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
"user.attribute" : "firstName",
"friendly.name" : "givenName",
"attribute.name" : "urn:oid:2.5.4.42"
}
}, {
"id" : "20034db5-1d0e-4e66-b815-fb0440c6d1e2",
"name" : "X500 email",
"protocol" : "saml",
"protocolMapper" : "saml-user-property-mapper",
"consentRequired" : false,
"config" : {
"attribute.nameformat" : "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
"user.attribute" : "email",
"friendly.name" : "email",
"attribute.name" : "urn:oid:1.2.840.113549.1.9.1"
}
} ],
"defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
"access" : {
"view" : true,
"configure" : true,
"manage" : true
}
}

View File

@ -0,0 +1,82 @@
, {
"id" : "bef873f0-2079-4876-8657-067de27d01b7",
"clientId" : "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/metadata",
"surrogateAuthRequired" : false,
"enabled" : true,
"alwaysDisplayInConsole" : false,
"clientAuthenticatorType" : "client-secret",
"redirectUris" : [ "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/acs" ],
"webOrigins" : [ "https://nextcloud.[[DOMAIN]]" ],
"notBefore" : 0,
"bearerOnly" : false,
"consentRequired" : false,
"standardFlowEnabled" : true,
"implicitFlowEnabled" : false,
"directAccessGrantsEnabled" : false,
"serviceAccountsEnabled" : false,
"publicClient" : false,
"frontchannelLogout" : true,
"protocol" : "saml",
"attributes" : {
"saml.assertion.signature" : "true",
"saml.force.post.binding" : "true",
"saml_assertion_consumer_url_post" : "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/acs",
"saml.server.signature" : "true",
"saml.server.signature.keyinfo.ext" : "false",
"saml.signing.certificate" : "[[SIGNING_CERTIFICATE]]",
"saml_single_logout_service_url_redirect" : "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/sls",
"saml.signature.algorithm" : "RSA_SHA256",
"saml_force_name_id_format" : "false",
"saml.client.signature" : "true",
"saml.authnstatement" : "true",
"saml_name_id_format" : "username",
"saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#"
},
"authenticationFlowBindingOverrides" : { },
"fullScopeAllowed" : true,
"nodeReRegistrationTimeout" : -1,
"protocolMappers" : [ {
"id" : "e8e4acff-da2b-46aa-8bdb-ba42171671d6",
"name" : "username",
"protocol" : "saml",
"protocolMapper" : "saml-user-attribute-mapper",
"consentRequired" : false,
"config" : {
"attribute.nameformat" : "Basic",
"user.attribute" : "username",
"friendly.name" : "username",
"attribute.name" : "username"
}
}, {
"id" : "28206b59-757b-4e3c-81cb-0b6053b1fd3d",
"name" : "email",
"protocol" : "saml",
"protocolMapper" : "saml-user-property-mapper",
"consentRequired" : false,
"config" : {
"attribute.nameformat" : "Basic",
"user.attribute" : "email",
"friendly.name" : "email",
"attribute.name" : "email"
}
}, {
"id" : "e51e04b9-f71a-42de-819e-dd9285246ada",
"name" : "Roles",
"protocol" : "saml",
"protocolMapper" : "saml-role-list-mapper",
"consentRequired" : false,
"config" : {
"single" : "true",
"attribute.nameformat" : "Basic",
"friendly.name" : "Roles",
"attribute.name" : "Roles"
}
} ],
"defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
"access" : {
"view" : true,
"configure" : true,
"manage" : true
}
}

View File

@ -0,0 +1,81 @@
{
"id" : "630601f8-25d1-4822-8741-c93affd2cd84",
"clientId" : "php-saml",
"surrogateAuthRequired" : false,
"enabled" : true,
"alwaysDisplayInConsole" : false,
"clientAuthenticatorType" : "client-secret",
"redirectUris" : [ "https://wp.[[DOMAIN]]/wp-login.php?saml_acs" ],
"webOrigins" : [ "https://wp.[[DOMAIN]]" ],
"notBefore" : 0,
"bearerOnly" : false,
"consentRequired" : false,
"standardFlowEnabled" : true,
"implicitFlowEnabled" : false,
"directAccessGrantsEnabled" : false,
"serviceAccountsEnabled" : false,
"publicClient" : false,
"frontchannelLogout" : true,
"protocol" : "saml",
"attributes" : {
"saml.force.post.binding" : "true",
"saml_assertion_consumer_url_post" : "https://wp.[[DOMAIN]]/wp-login.php?saml_acs",
"saml.server.signature" : "true",
"saml.server.signature.keyinfo.ext" : "false",
"saml.signing.certificate" : "[[SIGNING_CERTIFICATE]]",
"saml_single_logout_service_url_redirect" : "https://wp.[[DOMAIN]]/wp-login.php?saml_sls",
"saml.signature.algorithm" : "RSA_SHA256",
"saml_force_name_id_format" : "false",
"saml.client.signature" : "true",
"saml.authnstatement" : "true",
"saml_name_id_format" : "username",
"saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#"
},
"authenticationFlowBindingOverrides" : { },
"fullScopeAllowed" : true,
"nodeReRegistrationTimeout" : -1,
"protocolMappers" : [ {
"id" : "72c6175e-bd07-4c27-abd6-4e4ae38d834b",
"name" : "username",
"protocol" : "saml",
"protocolMapper" : "saml-user-attribute-mapper",
"consentRequired" : false,
"config" : {
"attribute.nameformat" : "Basic",
"user.attribute" : "username",
"friendly.name" : "username",
"attribute.name" : "username"
}
}, {
"id" : "abd6562f-4732-4da9-987f-b1a6ad6605fa",
"name" : "roles",
"protocol" : "saml",
"protocolMapper" : "saml-role-list-mapper",
"consentRequired" : false,
"config" : {
"single" : "true",
"attribute.nameformat" : "Basic",
"friendly.name" : "Roles",
"attribute.name" : "Role"
}
}, {
"id" : "50aafb71-d91c-4bc7-bb60-e1ae0222aab3",
"name" : "email",
"protocol" : "saml",
"protocolMapper" : "saml-user-property-mapper",
"consentRequired" : false,
"config" : {
"attribute.nameformat" : "Basic",
"user.attribute" : "email",
"friendly.name" : "email",
"attribute.name" : "email"
}
} ],
"defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
"access" : {
"view" : true,
"configure" : true,
"manage" : true
}
}