added keycloak python lib
parent
9f3952dc86
commit
6138e9c65b
|
@ -1,3 +1,4 @@
|
|||
python-keycloak==0.24.0
|
||||
bcrypt==3.1.7
|
||||
cffi==1.14.0
|
||||
click==7.1.2
|
||||
|
|
Binary file not shown.
|
@ -0,0 +1,102 @@
|
|||
import os,time,requests,json,getpass,pprint
|
||||
import traceback
|
||||
|
||||
from keycloak_client_exc import *
|
||||
|
||||
class ApiClient():
|
||||
def __init__(self,realm='master'):
|
||||
##server=os.environ['KEYCLOAK_HOST']
|
||||
server='isard-sso-keycloak'
|
||||
self.base_url="http://"+server+":8080/auth/realms/"+realm
|
||||
self.headers={"Content-Type": "application/x-www-form-urlencoded"}
|
||||
self.payload={'username':'admin',
|
||||
'password':'keycloakkeycloak',
|
||||
'grant_type':'password',
|
||||
'client_id':'admin-cli'}
|
||||
self.token=self.get_token()
|
||||
self.admin_url="http://"+server+":8080/auth/admin/realms/"+realm
|
||||
# /admin/realms/${KEYCLOAK_REALM}/users/${$USER_ID}"
|
||||
self.admin_headers={"Accept": "application/json",
|
||||
"Authorization": "Bearer "+self.token}
|
||||
|
||||
def get_token(self):
|
||||
path="/protocol/openid-connect/token"
|
||||
resp = requests.post(self.base_url+path, data=self.payload, headers=self.headers)
|
||||
if resp.status_code == 200: return json.loads(resp.text)['access_token']
|
||||
print(" URL: "+self.base_url+path)
|
||||
print("STATUS CODE: "+str(resp.status_code))
|
||||
print(" RESPONSE: "+resp.text)
|
||||
exit(1)
|
||||
|
||||
def get(self,path,status_code=200,data={},params={}):
|
||||
resp = requests.get(self.admin_url+path, data=data, params=params, headers=self.admin_headers)
|
||||
if resp.status_code == status_code: return json.loads(resp.text)
|
||||
print(" URL: "+self.admin_url+path)
|
||||
print("STATUS CODE: "+str(resp.status_code))
|
||||
print(" RESPONSE: "+resp.text)
|
||||
raise
|
||||
|
||||
def post(self,path,status_code=200,data={},params={},json={}):
|
||||
resp = requests.post(self.admin_url+path, data=data, params=params, json=json, headers=self.admin_headers)
|
||||
#if resp.status_code == status_code: return True
|
||||
print(" URL: "+self.admin_url+path)
|
||||
print("STATUS CODE: "+str(resp.status_code))
|
||||
print(" RESPONSE: "+resp.text)
|
||||
if resp.status_code == 409: raise keycloakUsernameEmailExists
|
||||
raise keycloakError
|
||||
|
||||
class KeycloakClient():
|
||||
def __init__(self,realm='master'):
|
||||
## REFERENCE: https://www.keycloak.org/docs-api/13.0/rest-api/index.html
|
||||
self.api=ApiClient()
|
||||
|
||||
def get_users(self,username=False,exact=True):
|
||||
path='/users'
|
||||
if not username: return self.api.get(path)
|
||||
return self.api.get(path,params={"username":username,'exact':exact})
|
||||
|
||||
def add_user(self,username,first,last,email,password):
|
||||
user={"firstName":first,
|
||||
"lastName":last,
|
||||
"email":last,
|
||||
"enabled":"true",
|
||||
"username":username,
|
||||
"credentials":[{"type":"password",
|
||||
"value":password,
|
||||
"temporary":False}]}
|
||||
try:
|
||||
self.api.post('/users',status_code=201,json=user)
|
||||
return True
|
||||
except keycloakExists:
|
||||
print('Username or email already exists')
|
||||
except:
|
||||
traceback.format_exc()
|
||||
return False
|
||||
|
||||
def get_groups(self,name=False):
|
||||
path='/groups'
|
||||
if not name: return self.api.get(path)
|
||||
return self.api.get(path,params={"name":name})
|
||||
|
||||
def add_group(self,name,subgroups=False):
|
||||
group={"name":name}
|
||||
try:
|
||||
self.api.post('/groups',status_code=201,json=group)
|
||||
return True
|
||||
except keycloakExists:
|
||||
print('Group name already exists')
|
||||
except:
|
||||
traceback.format_exc()
|
||||
return False
|
||||
|
||||
kapi=KeycloakClient()
|
||||
# print('GET USERS')
|
||||
# pprint.pprint(kapi.get_users())
|
||||
# print('GET ADMIN USER')
|
||||
# pprint.pprint(kapi.get_users(username='admin'))
|
||||
# print('ADD USER')
|
||||
# print(kapi.add_user('pepito','Pepito','Grillo','info@info.com','añlsdkjf'))
|
||||
# print('GET GROUPS')
|
||||
# pprint.pprint(kapi.get_groups())
|
||||
print('ADD GROUP')
|
||||
pprint.pprint(kapi.add_group('pepito'))
|
|
@ -0,0 +1,5 @@
|
|||
class keycloakError(Exception):
|
||||
pass
|
||||
|
||||
class keycloakExists(Exception):
|
||||
pass
|
13
config/dd.sh
13
config/dd.sh
|
@ -8,9 +8,18 @@ docker exec -i isard-sso-keycloak sh -c '/opt/jboss/keycloak/bin/kcadm.sh \
|
|||
/opt/jboss/keycloak/bin/kcadm.sh \
|
||||
get realms/master' > keycloak/realm.json
|
||||
|
||||
echo "Dump realm.json"
|
||||
echo "Dump clients.json"
|
||||
docker exec -i isard-sso-keycloak sh -c '/opt/jboss/keycloak/bin/kcadm.sh \
|
||||
config credentials --server http://localhost:8080/auth \
|
||||
--realm master --user $KEYCLOAK_USER --password $KEYCLOAK_PASSWORD &> /dev/null && \
|
||||
/opt/jboss/keycloak/bin/kcadm.sh \
|
||||
get realms/master' > keycloak/realm.json
|
||||
get clients' > keycloak/clients.json
|
||||
|
||||
kcadm.sh create realms -f - << EOF
|
||||
{ "realm": "demorealm", "enabled": true }
|
||||
EOF
|
||||
|
||||
|
||||
### NEW
|
||||
|
||||
./kcadm.sh update realms/master -f realm.json
|
|
@ -1 +1 @@
|
|||
Subproject commit 174a6d3ae524f08d72056b571fd41a6975cb8cf1
|
||||
Subproject commit 790afd2a9c70618e422b0e69ffa702f80a4ee1a6
|
|
@ -1,286 +0,0 @@
|
|||
[ {
|
||||
"id" : "a92d5417-92b6-4678-9cb9-51bc0edcee8c",
|
||||
"clientId" : "https://moodle.[[DOMAIN]]/auth/saml2/sp/metadata.php",
|
||||
"surrogateAuthRequired" : false,
|
||||
"enabled" : true,
|
||||
"alwaysDisplayInConsole" : false,
|
||||
"clientAuthenticatorType" : "client-secret",
|
||||
"redirectUris" : [ "https://moodle.[[DOMAIN]]/auth/saml2/sp/saml2-acs.php/moodle.[[DOMAIN]]" ],
|
||||
"webOrigins" : [ "https://moodle.[[DOMAIN]]" ],
|
||||
"notBefore" : 0,
|
||||
"bearerOnly" : false,
|
||||
"consentRequired" : false,
|
||||
"standardFlowEnabled" : true,
|
||||
"implicitFlowEnabled" : false,
|
||||
"directAccessGrantsEnabled" : false,
|
||||
"serviceAccountsEnabled" : false,
|
||||
"publicClient" : false,
|
||||
"frontchannelLogout" : true,
|
||||
"protocol" : "saml",
|
||||
"attributes" : {
|
||||
"saml.force.post.binding" : "true",
|
||||
"saml.encrypt" : "true",
|
||||
"saml_assertion_consumer_url_post" : "https://moodle.[[DOMAIN]]/auth/saml2/sp/saml2-acs.php/moodle.[[DOMAIN]]",
|
||||
"saml.server.signature" : "true",
|
||||
"saml.server.signature.keyinfo.ext" : "false",
|
||||
"saml.signing.certificate" : "[[SIGNING_CERTIFICATE]]",
|
||||
"saml_single_logout_service_url_redirect" : "https://moodle.[[DOMAIN]]/auth/saml2/sp/saml2-logout.php/moodle.[[DOMAIN]]",
|
||||
"saml.signature.algorithm" : "RSA_SHA256",
|
||||
"saml_force_name_id_format" : "false",
|
||||
"saml.client.signature" : "true",
|
||||
"saml.encryption.certificate" : "[[ENCRYPTION_CERTIFICATE]]",
|
||||
"saml.authnstatement" : "true",
|
||||
"saml_name_id_format" : "username",
|
||||
"saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#"
|
||||
},
|
||||
"authenticationFlowBindingOverrides" : { },
|
||||
"fullScopeAllowed" : true,
|
||||
"nodeReRegistrationTimeout" : -1,
|
||||
"protocolMappers" : [ {
|
||||
"id" : "9296daa3-4fc4-4b80-b007-5070f546ae13",
|
||||
"name" : "X500 surname",
|
||||
"protocol" : "saml",
|
||||
"protocolMapper" : "saml-user-property-mapper",
|
||||
"consentRequired" : false,
|
||||
"config" : {
|
||||
"attribute.nameformat" : "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
|
||||
"user.attribute" : "lastName",
|
||||
"friendly.name" : "surname",
|
||||
"attribute.name" : "urn:oid:2.5.4.4"
|
||||
}
|
||||
}, {
|
||||
"id" : "ccecf6e4-d20a-4211-b67c-40200a6b2c5d",
|
||||
"name" : "username",
|
||||
"protocol" : "saml",
|
||||
"protocolMapper" : "saml-user-property-mapper",
|
||||
"consentRequired" : false,
|
||||
"config" : {
|
||||
"attribute.nameformat" : "Basic",
|
||||
"user.attribute" : "username",
|
||||
"friendly.name" : "username",
|
||||
"attribute.name" : "username"
|
||||
}
|
||||
}, {
|
||||
"id" : "53858403-eba2-4f6d-81d0-cced700b5719",
|
||||
"name" : "X500 givenName",
|
||||
"protocol" : "saml",
|
||||
"protocolMapper" : "saml-user-property-mapper",
|
||||
"consentRequired" : false,
|
||||
"config" : {
|
||||
"attribute.nameformat" : "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
|
||||
"user.attribute" : "firstName",
|
||||
"friendly.name" : "givenName",
|
||||
"attribute.name" : "urn:oid:2.5.4.42"
|
||||
}
|
||||
}, {
|
||||
"id" : "20034db5-1d0e-4e66-b815-fb0440c6d1e2",
|
||||
"name" : "X500 email",
|
||||
"protocol" : "saml",
|
||||
"protocolMapper" : "saml-user-property-mapper",
|
||||
"consentRequired" : false,
|
||||
"config" : {
|
||||
"attribute.nameformat" : "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
|
||||
"user.attribute" : "email",
|
||||
"friendly.name" : "email",
|
||||
"attribute.name" : "urn:oid:1.2.840.113549.1.9.1"
|
||||
}
|
||||
} ],
|
||||
"defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
|
||||
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
|
||||
"access" : {
|
||||
"view" : true,
|
||||
"configure" : true,
|
||||
"manage" : true
|
||||
}
|
||||
}, {
|
||||
"id" : "bef873f0-2079-4876-8657-067de27d01b7",
|
||||
"clientId" : "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/metadata",
|
||||
"surrogateAuthRequired" : false,
|
||||
"enabled" : true,
|
||||
"alwaysDisplayInConsole" : false,
|
||||
"clientAuthenticatorType" : "client-secret",
|
||||
"redirectUris" : [ "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/acs" ],
|
||||
"webOrigins" : [ "https://nextcloud.[[DOMAIN]]" ],
|
||||
"notBefore" : 0,
|
||||
"bearerOnly" : false,
|
||||
"consentRequired" : false,
|
||||
"standardFlowEnabled" : true,
|
||||
"implicitFlowEnabled" : false,
|
||||
"directAccessGrantsEnabled" : false,
|
||||
"serviceAccountsEnabled" : false,
|
||||
"publicClient" : false,
|
||||
"frontchannelLogout" : true,
|
||||
"protocol" : "saml",
|
||||
"attributes" : {
|
||||
"saml.assertion.signature" : "true",
|
||||
"saml.force.post.binding" : "true",
|
||||
"saml_assertion_consumer_url_post" : "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/acs",
|
||||
"saml.server.signature" : "true",
|
||||
"saml.server.signature.keyinfo.ext" : "false",
|
||||
"saml.signing.certificate" : "[[SIGNING_CERTIFICATE]]",
|
||||
"saml_single_logout_service_url_redirect" : "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/sls",
|
||||
"saml.signature.algorithm" : "RSA_SHA256",
|
||||
"saml_force_name_id_format" : "false",
|
||||
"saml.client.signature" : "true",
|
||||
"saml.authnstatement" : "true",
|
||||
"saml_name_id_format" : "username",
|
||||
"saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#"
|
||||
},
|
||||
"authenticationFlowBindingOverrides" : { },
|
||||
"fullScopeAllowed" : true,
|
||||
"nodeReRegistrationTimeout" : -1,
|
||||
"protocolMappers" : [ {
|
||||
"id" : "e8e4acff-da2b-46aa-8bdb-ba42171671d6",
|
||||
"name" : "username",
|
||||
"protocol" : "saml",
|
||||
"protocolMapper" : "saml-user-attribute-mapper",
|
||||
"consentRequired" : false,
|
||||
"config" : {
|
||||
"attribute.nameformat" : "Basic",
|
||||
"user.attribute" : "username",
|
||||
"friendly.name" : "username",
|
||||
"attribute.name" : "username"
|
||||
}
|
||||
}, {
|
||||
"id" : "28206b59-757b-4e3c-81cb-0b6053b1fd3d",
|
||||
"name" : "email",
|
||||
"protocol" : "saml",
|
||||
"protocolMapper" : "saml-user-property-mapper",
|
||||
"consentRequired" : false,
|
||||
"config" : {
|
||||
"attribute.nameformat" : "Basic",
|
||||
"user.attribute" : "email",
|
||||
"friendly.name" : "email",
|
||||
"attribute.name" : "email"
|
||||
}
|
||||
}, {
|
||||
"id" : "e51e04b9-f71a-42de-819e-dd9285246ada",
|
||||
"name" : "Roles",
|
||||
"protocol" : "saml",
|
||||
"protocolMapper" : "saml-role-list-mapper",
|
||||
"consentRequired" : false,
|
||||
"config" : {
|
||||
"single" : "true",
|
||||
"attribute.nameformat" : "Basic",
|
||||
"friendly.name" : "Roles",
|
||||
"attribute.name" : "Roles"
|
||||
}
|
||||
} ],
|
||||
"defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
|
||||
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
|
||||
"access" : {
|
||||
"view" : true,
|
||||
"configure" : true,
|
||||
"manage" : true
|
||||
}
|
||||
}, {
|
||||
"id" : "78a85fd1-869d-4ba4-8391-5708f7d1abe6",
|
||||
"clientId" : "master-realm",
|
||||
"name" : "master Realm",
|
||||
"surrogateAuthRequired" : false,
|
||||
"enabled" : true,
|
||||
"alwaysDisplayInConsole" : false,
|
||||
"clientAuthenticatorType" : "client-secret",
|
||||
"redirectUris" : [ ],
|
||||
"webOrigins" : [ ],
|
||||
"notBefore" : 0,
|
||||
"bearerOnly" : true,
|
||||
"consentRequired" : false,
|
||||
"standardFlowEnabled" : true,
|
||||
"implicitFlowEnabled" : false,
|
||||
"directAccessGrantsEnabled" : false,
|
||||
"serviceAccountsEnabled" : false,
|
||||
"publicClient" : false,
|
||||
"frontchannelLogout" : false,
|
||||
"attributes" : { },
|
||||
"authenticationFlowBindingOverrides" : { },
|
||||
"fullScopeAllowed" : true,
|
||||
"nodeReRegistrationTimeout" : 0,
|
||||
"defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
|
||||
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
|
||||
"access" : {
|
||||
"view" : true,
|
||||
"configure" : true,
|
||||
"manage" : true
|
||||
}
|
||||
}, {
|
||||
"id" : "630601f8-25d1-4822-8741-c93affd2cd84",
|
||||
"clientId" : "php-saml",
|
||||
"surrogateAuthRequired" : false,
|
||||
"enabled" : true,
|
||||
"alwaysDisplayInConsole" : false,
|
||||
"clientAuthenticatorType" : "client-secret",
|
||||
"redirectUris" : [ "https://wp.[[DOMAIN]]/wp-login.php?saml_acs" ],
|
||||
"webOrigins" : [ "https://wp.[[DOMAIN]]" ],
|
||||
"notBefore" : 0,
|
||||
"bearerOnly" : false,
|
||||
"consentRequired" : false,
|
||||
"standardFlowEnabled" : true,
|
||||
"implicitFlowEnabled" : false,
|
||||
"directAccessGrantsEnabled" : false,
|
||||
"serviceAccountsEnabled" : false,
|
||||
"publicClient" : false,
|
||||
"frontchannelLogout" : true,
|
||||
"protocol" : "saml",
|
||||
"attributes" : {
|
||||
"saml.force.post.binding" : "true",
|
||||
"saml_assertion_consumer_url_post" : "https://wp.[[DOMAIN]]/wp-login.php?saml_acs",
|
||||
"saml.server.signature" : "true",
|
||||
"saml.server.signature.keyinfo.ext" : "false",
|
||||
"saml.signing.certificate" : "[[SIGNING_CERTIFICATE]]",
|
||||
"saml_single_logout_service_url_redirect" : "https://wp.[[DOMAIN]]/wp-login.php?saml_sls",
|
||||
"saml.signature.algorithm" : "RSA_SHA256",
|
||||
"saml_force_name_id_format" : "false",
|
||||
"saml.client.signature" : "true",
|
||||
"saml.authnstatement" : "true",
|
||||
"saml_name_id_format" : "username",
|
||||
"saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#"
|
||||
},
|
||||
"authenticationFlowBindingOverrides" : { },
|
||||
"fullScopeAllowed" : true,
|
||||
"nodeReRegistrationTimeout" : -1,
|
||||
"protocolMappers" : [ {
|
||||
"id" : "72c6175e-bd07-4c27-abd6-4e4ae38d834b",
|
||||
"name" : "username",
|
||||
"protocol" : "saml",
|
||||
"protocolMapper" : "saml-user-attribute-mapper",
|
||||
"consentRequired" : false,
|
||||
"config" : {
|
||||
"attribute.nameformat" : "Basic",
|
||||
"user.attribute" : "username",
|
||||
"friendly.name" : "username",
|
||||
"attribute.name" : "username"
|
||||
}
|
||||
}, {
|
||||
"id" : "abd6562f-4732-4da9-987f-b1a6ad6605fa",
|
||||
"name" : "roles",
|
||||
"protocol" : "saml",
|
||||
"protocolMapper" : "saml-role-list-mapper",
|
||||
"consentRequired" : false,
|
||||
"config" : {
|
||||
"single" : "true",
|
||||
"attribute.nameformat" : "Basic",
|
||||
"friendly.name" : "Roles",
|
||||
"attribute.name" : "Role"
|
||||
}
|
||||
}, {
|
||||
"id" : "50aafb71-d91c-4bc7-bb60-e1ae0222aab3",
|
||||
"name" : "email",
|
||||
"protocol" : "saml",
|
||||
"protocolMapper" : "saml-user-property-mapper",
|
||||
"consentRequired" : false,
|
||||
"config" : {
|
||||
"attribute.nameformat" : "Basic",
|
||||
"user.attribute" : "email",
|
||||
"friendly.name" : "email",
|
||||
"attribute.name" : "email"
|
||||
}
|
||||
} ],
|
||||
"defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
|
||||
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
|
||||
"access" : {
|
||||
"view" : true,
|
||||
"configure" : true,
|
||||
"manage" : true
|
||||
}
|
||||
} ]
|
|
@ -0,0 +1,95 @@
|
|||
{
|
||||
"id" : "a92d5417-92b6-4678-9cb9-51bc0edcee8c",
|
||||
"clientId" : "https://moodle.[[DOMAIN]]/auth/saml2/sp/metadata.php",
|
||||
"surrogateAuthRequired" : false,
|
||||
"enabled" : true,
|
||||
"alwaysDisplayInConsole" : false,
|
||||
"clientAuthenticatorType" : "client-secret",
|
||||
"redirectUris" : [ "https://moodle.[[DOMAIN]]/auth/saml2/sp/saml2-acs.php/moodle.[[DOMAIN]]" ],
|
||||
"webOrigins" : [ "https://moodle.[[DOMAIN]]" ],
|
||||
"notBefore" : 0,
|
||||
"bearerOnly" : false,
|
||||
"consentRequired" : false,
|
||||
"standardFlowEnabled" : true,
|
||||
"implicitFlowEnabled" : false,
|
||||
"directAccessGrantsEnabled" : false,
|
||||
"serviceAccountsEnabled" : false,
|
||||
"publicClient" : false,
|
||||
"frontchannelLogout" : true,
|
||||
"protocol" : "saml",
|
||||
"attributes" : {
|
||||
"saml.force.post.binding" : "true",
|
||||
"saml.encrypt" : "true",
|
||||
"saml_assertion_consumer_url_post" : "https://moodle.[[DOMAIN]]/auth/saml2/sp/saml2-acs.php/moodle.[[DOMAIN]]",
|
||||
"saml.server.signature" : "true",
|
||||
"saml.server.signature.keyinfo.ext" : "false",
|
||||
"saml.signing.certificate" : "[[SIGNING_CERTIFICATE]]",
|
||||
"saml_single_logout_service_url_redirect" : "https://moodle.[[DOMAIN]]/auth/saml2/sp/saml2-logout.php/moodle.[[DOMAIN]]",
|
||||
"saml.signature.algorithm" : "RSA_SHA256",
|
||||
"saml_force_name_id_format" : "false",
|
||||
"saml.client.signature" : "true",
|
||||
"saml.encryption.certificate" : "[[ENCRYPTION_CERTIFICATE]]",
|
||||
"saml.authnstatement" : "true",
|
||||
"saml_name_id_format" : "username",
|
||||
"saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#"
|
||||
},
|
||||
"authenticationFlowBindingOverrides" : { },
|
||||
"fullScopeAllowed" : true,
|
||||
"nodeReRegistrationTimeout" : -1,
|
||||
"protocolMappers" : [ {
|
||||
"id" : "9296daa3-4fc4-4b80-b007-5070f546ae13",
|
||||
"name" : "X500 surname",
|
||||
"protocol" : "saml",
|
||||
"protocolMapper" : "saml-user-property-mapper",
|
||||
"consentRequired" : false,
|
||||
"config" : {
|
||||
"attribute.nameformat" : "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
|
||||
"user.attribute" : "lastName",
|
||||
"friendly.name" : "surname",
|
||||
"attribute.name" : "urn:oid:2.5.4.4"
|
||||
}
|
||||
}, {
|
||||
"id" : "ccecf6e4-d20a-4211-b67c-40200a6b2c5d",
|
||||
"name" : "username",
|
||||
"protocol" : "saml",
|
||||
"protocolMapper" : "saml-user-property-mapper",
|
||||
"consentRequired" : false,
|
||||
"config" : {
|
||||
"attribute.nameformat" : "Basic",
|
||||
"user.attribute" : "username",
|
||||
"friendly.name" : "username",
|
||||
"attribute.name" : "username"
|
||||
}
|
||||
}, {
|
||||
"id" : "53858403-eba2-4f6d-81d0-cced700b5719",
|
||||
"name" : "X500 givenName",
|
||||
"protocol" : "saml",
|
||||
"protocolMapper" : "saml-user-property-mapper",
|
||||
"consentRequired" : false,
|
||||
"config" : {
|
||||
"attribute.nameformat" : "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
|
||||
"user.attribute" : "firstName",
|
||||
"friendly.name" : "givenName",
|
||||
"attribute.name" : "urn:oid:2.5.4.42"
|
||||
}
|
||||
}, {
|
||||
"id" : "20034db5-1d0e-4e66-b815-fb0440c6d1e2",
|
||||
"name" : "X500 email",
|
||||
"protocol" : "saml",
|
||||
"protocolMapper" : "saml-user-property-mapper",
|
||||
"consentRequired" : false,
|
||||
"config" : {
|
||||
"attribute.nameformat" : "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
|
||||
"user.attribute" : "email",
|
||||
"friendly.name" : "email",
|
||||
"attribute.name" : "urn:oid:1.2.840.113549.1.9.1"
|
||||
}
|
||||
} ],
|
||||
"defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
|
||||
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
|
||||
"access" : {
|
||||
"view" : true,
|
||||
"configure" : true,
|
||||
"manage" : true
|
||||
}
|
||||
}
|
|
@ -0,0 +1,82 @@
|
|||
, {
|
||||
"id" : "bef873f0-2079-4876-8657-067de27d01b7",
|
||||
"clientId" : "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/metadata",
|
||||
"surrogateAuthRequired" : false,
|
||||
"enabled" : true,
|
||||
"alwaysDisplayInConsole" : false,
|
||||
"clientAuthenticatorType" : "client-secret",
|
||||
"redirectUris" : [ "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/acs" ],
|
||||
"webOrigins" : [ "https://nextcloud.[[DOMAIN]]" ],
|
||||
"notBefore" : 0,
|
||||
"bearerOnly" : false,
|
||||
"consentRequired" : false,
|
||||
"standardFlowEnabled" : true,
|
||||
"implicitFlowEnabled" : false,
|
||||
"directAccessGrantsEnabled" : false,
|
||||
"serviceAccountsEnabled" : false,
|
||||
"publicClient" : false,
|
||||
"frontchannelLogout" : true,
|
||||
"protocol" : "saml",
|
||||
"attributes" : {
|
||||
"saml.assertion.signature" : "true",
|
||||
"saml.force.post.binding" : "true",
|
||||
"saml_assertion_consumer_url_post" : "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/acs",
|
||||
"saml.server.signature" : "true",
|
||||
"saml.server.signature.keyinfo.ext" : "false",
|
||||
"saml.signing.certificate" : "[[SIGNING_CERTIFICATE]]",
|
||||
"saml_single_logout_service_url_redirect" : "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/sls",
|
||||
"saml.signature.algorithm" : "RSA_SHA256",
|
||||
"saml_force_name_id_format" : "false",
|
||||
"saml.client.signature" : "true",
|
||||
"saml.authnstatement" : "true",
|
||||
"saml_name_id_format" : "username",
|
||||
"saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#"
|
||||
},
|
||||
"authenticationFlowBindingOverrides" : { },
|
||||
"fullScopeAllowed" : true,
|
||||
"nodeReRegistrationTimeout" : -1,
|
||||
"protocolMappers" : [ {
|
||||
"id" : "e8e4acff-da2b-46aa-8bdb-ba42171671d6",
|
||||
"name" : "username",
|
||||
"protocol" : "saml",
|
||||
"protocolMapper" : "saml-user-attribute-mapper",
|
||||
"consentRequired" : false,
|
||||
"config" : {
|
||||
"attribute.nameformat" : "Basic",
|
||||
"user.attribute" : "username",
|
||||
"friendly.name" : "username",
|
||||
"attribute.name" : "username"
|
||||
}
|
||||
}, {
|
||||
"id" : "28206b59-757b-4e3c-81cb-0b6053b1fd3d",
|
||||
"name" : "email",
|
||||
"protocol" : "saml",
|
||||
"protocolMapper" : "saml-user-property-mapper",
|
||||
"consentRequired" : false,
|
||||
"config" : {
|
||||
"attribute.nameformat" : "Basic",
|
||||
"user.attribute" : "email",
|
||||
"friendly.name" : "email",
|
||||
"attribute.name" : "email"
|
||||
}
|
||||
}, {
|
||||
"id" : "e51e04b9-f71a-42de-819e-dd9285246ada",
|
||||
"name" : "Roles",
|
||||
"protocol" : "saml",
|
||||
"protocolMapper" : "saml-role-list-mapper",
|
||||
"consentRequired" : false,
|
||||
"config" : {
|
||||
"single" : "true",
|
||||
"attribute.nameformat" : "Basic",
|
||||
"friendly.name" : "Roles",
|
||||
"attribute.name" : "Roles"
|
||||
}
|
||||
} ],
|
||||
"defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
|
||||
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
|
||||
"access" : {
|
||||
"view" : true,
|
||||
"configure" : true,
|
||||
"manage" : true
|
||||
}
|
||||
}
|
|
@ -0,0 +1,81 @@
|
|||
{
|
||||
"id" : "630601f8-25d1-4822-8741-c93affd2cd84",
|
||||
"clientId" : "php-saml",
|
||||
"surrogateAuthRequired" : false,
|
||||
"enabled" : true,
|
||||
"alwaysDisplayInConsole" : false,
|
||||
"clientAuthenticatorType" : "client-secret",
|
||||
"redirectUris" : [ "https://wp.[[DOMAIN]]/wp-login.php?saml_acs" ],
|
||||
"webOrigins" : [ "https://wp.[[DOMAIN]]" ],
|
||||
"notBefore" : 0,
|
||||
"bearerOnly" : false,
|
||||
"consentRequired" : false,
|
||||
"standardFlowEnabled" : true,
|
||||
"implicitFlowEnabled" : false,
|
||||
"directAccessGrantsEnabled" : false,
|
||||
"serviceAccountsEnabled" : false,
|
||||
"publicClient" : false,
|
||||
"frontchannelLogout" : true,
|
||||
"protocol" : "saml",
|
||||
"attributes" : {
|
||||
"saml.force.post.binding" : "true",
|
||||
"saml_assertion_consumer_url_post" : "https://wp.[[DOMAIN]]/wp-login.php?saml_acs",
|
||||
"saml.server.signature" : "true",
|
||||
"saml.server.signature.keyinfo.ext" : "false",
|
||||
"saml.signing.certificate" : "[[SIGNING_CERTIFICATE]]",
|
||||
"saml_single_logout_service_url_redirect" : "https://wp.[[DOMAIN]]/wp-login.php?saml_sls",
|
||||
"saml.signature.algorithm" : "RSA_SHA256",
|
||||
"saml_force_name_id_format" : "false",
|
||||
"saml.client.signature" : "true",
|
||||
"saml.authnstatement" : "true",
|
||||
"saml_name_id_format" : "username",
|
||||
"saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#"
|
||||
},
|
||||
"authenticationFlowBindingOverrides" : { },
|
||||
"fullScopeAllowed" : true,
|
||||
"nodeReRegistrationTimeout" : -1,
|
||||
"protocolMappers" : [ {
|
||||
"id" : "72c6175e-bd07-4c27-abd6-4e4ae38d834b",
|
||||
"name" : "username",
|
||||
"protocol" : "saml",
|
||||
"protocolMapper" : "saml-user-attribute-mapper",
|
||||
"consentRequired" : false,
|
||||
"config" : {
|
||||
"attribute.nameformat" : "Basic",
|
||||
"user.attribute" : "username",
|
||||
"friendly.name" : "username",
|
||||
"attribute.name" : "username"
|
||||
}
|
||||
}, {
|
||||
"id" : "abd6562f-4732-4da9-987f-b1a6ad6605fa",
|
||||
"name" : "roles",
|
||||
"protocol" : "saml",
|
||||
"protocolMapper" : "saml-role-list-mapper",
|
||||
"consentRequired" : false,
|
||||
"config" : {
|
||||
"single" : "true",
|
||||
"attribute.nameformat" : "Basic",
|
||||
"friendly.name" : "Roles",
|
||||
"attribute.name" : "Role"
|
||||
}
|
||||
}, {
|
||||
"id" : "50aafb71-d91c-4bc7-bb60-e1ae0222aab3",
|
||||
"name" : "email",
|
||||
"protocol" : "saml",
|
||||
"protocolMapper" : "saml-user-property-mapper",
|
||||
"consentRequired" : false,
|
||||
"config" : {
|
||||
"attribute.nameformat" : "Basic",
|
||||
"user.attribute" : "email",
|
||||
"friendly.name" : "email",
|
||||
"attribute.name" : "email"
|
||||
}
|
||||
} ],
|
||||
"defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
|
||||
"optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
|
||||
"access" : {
|
||||
"view" : true,
|
||||
"configure" : true,
|
||||
"manage" : true
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue