added jsons

docker-compose-parts/keycloak.yml

@@ -6,7 +6,7 @@ services:
     #hostname: sso.${DOMAIN}
     volumes:
       - /etc/localtime:/etc/localtime:ro
-      - ${BUILD_ROOT_PATH}/init/keycloak/jsons:/opt/jboss/keycloak/imports
+      - ${BUILD_ROOT_PATH}/init/keycloak/jsons:/opt/jboss/keycloak/imports # Uses the environment var!
       - ${BUILD_ROOT_PATH}/init/keycloak/scripts/:/opt/jboss/startup-scripts/
       - ${CUSTOM_PATH}/custom/system/keycloak/themes:/opt/jboss/keycloak/themes/
       #- ${BUILD_ROOT_PATH}/docker/keycloak/extensions/keycloak-avatar-minio-extension/:/opt/custom/deployments
@@ -14,7 +14,7 @@ services:
       - ${BUILD_ROOT_PATH}/docker/keycloak/extensions/keycloak-avatar-minio-extension/avatar-minio-extension-bundle/target/avatar-minio-extension-bundle-1.0.1.0-SNAPSHOT.ear:/opt/jboss/keycloak/standalone/deployments/avatar-minio-extension-bundle-1.0.1.0-SNAPSHOT.ear
       #- /opt/jboss/keycloak/standalone/configuration/keycloak-add-user.json
     environment:
-      #- KEYCLOAK_IMPORT=/opt/jboss/keycloak/imports/realm-export.json 
+      - KEYCLOAK_IMPORT=/opt/jboss/keycloak/imports/realm.json 
       - DB_VENDOR=POSTGRES
       - DB_ADDR=${KEYCLOAK_DB_ADDR}
       - DB_DATABASE=${KEYCLOAK_DB_DATABASE}

init/keycloak/jsons/clients.json

@@ -0,0 +1,286 @@
+[ {
+  "id" : "a92d5417-92b6-4678-9cb9-51bc0edcee8c",
+  "clientId" : "https://moodle.[[DOMAIN]]/auth/saml2/sp/metadata.php",
+  "surrogateAuthRequired" : false,
+  "enabled" : true,
+  "alwaysDisplayInConsole" : false,
+  "clientAuthenticatorType" : "client-secret",
+  "redirectUris" : [ "https://moodle.[[DOMAIN]]/auth/saml2/sp/saml2-acs.php/moodle.[[DOMAIN]]" ],
+  "webOrigins" : [ "https://moodle.[[DOMAIN]]" ],
+  "notBefore" : 0,
+  "bearerOnly" : false,
+  "consentRequired" : false,
+  "standardFlowEnabled" : true,
+  "implicitFlowEnabled" : false,
+  "directAccessGrantsEnabled" : false,
+  "serviceAccountsEnabled" : false,
+  "publicClient" : false,
+  "frontchannelLogout" : true,
+  "protocol" : "saml",
+  "attributes" : {
+    "saml.force.post.binding" : "true",
+    "saml.encrypt" : "true",
+    "saml_assertion_consumer_url_post" : "https://moodle.[[DOMAIN]]/auth/saml2/sp/saml2-acs.php/moodle.[[DOMAIN]]",
+    "saml.server.signature" : "true",
+    "saml.server.signature.keyinfo.ext" : "false",
+    "saml.signing.certificate" : "[[SIGNING_CERTIFICATE]]",
+    "saml_single_logout_service_url_redirect" : "https://moodle.[[DOMAIN]]/auth/saml2/sp/saml2-logout.php/moodle.[[DOMAIN]]",
+    "saml.signature.algorithm" : "RSA_SHA256",
+    "saml_force_name_id_format" : "false",
+    "saml.client.signature" : "true",
+    "saml.encryption.certificate" : "[[ENCRYPTION_CERTIFICATE]]",
+    "saml.authnstatement" : "true",
+    "saml_name_id_format" : "username",
+    "saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#"
+  },
+  "authenticationFlowBindingOverrides" : { },
+  "fullScopeAllowed" : true,
+  "nodeReRegistrationTimeout" : -1,
+  "protocolMappers" : [ {
+    "id" : "9296daa3-4fc4-4b80-b007-5070f546ae13",
+    "name" : "X500 surname",
+    "protocol" : "saml",
+    "protocolMapper" : "saml-user-property-mapper",
+    "consentRequired" : false,
+    "config" : {
+      "attribute.nameformat" : "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
+      "user.attribute" : "lastName",
+      "friendly.name" : "surname",
+      "attribute.name" : "urn:oid:2.5.4.4"
+    }
+  }, {
+    "id" : "ccecf6e4-d20a-4211-b67c-40200a6b2c5d",
+    "name" : "username",
+    "protocol" : "saml",
+    "protocolMapper" : "saml-user-property-mapper",
+    "consentRequired" : false,
+    "config" : {
+      "attribute.nameformat" : "Basic",
+      "user.attribute" : "username",
+      "friendly.name" : "username",
+      "attribute.name" : "username"
+    }
+  }, {
+    "id" : "53858403-eba2-4f6d-81d0-cced700b5719",
+    "name" : "X500 givenName",
+    "protocol" : "saml",
+    "protocolMapper" : "saml-user-property-mapper",
+    "consentRequired" : false,
+    "config" : {
+      "attribute.nameformat" : "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
+      "user.attribute" : "firstName",
+      "friendly.name" : "givenName",
+      "attribute.name" : "urn:oid:2.5.4.42"
+    }
+  }, {
+    "id" : "20034db5-1d0e-4e66-b815-fb0440c6d1e2",
+    "name" : "X500 email",
+    "protocol" : "saml",
+    "protocolMapper" : "saml-user-property-mapper",
+    "consentRequired" : false,
+    "config" : {
+      "attribute.nameformat" : "urn:oasis:names:tc:SAML:2.0:attrname-format:uri",
+      "user.attribute" : "email",
+      "friendly.name" : "email",
+      "attribute.name" : "urn:oid:1.2.840.113549.1.9.1"
+    }
+  } ],
+  "defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
+  "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
+  "access" : {
+    "view" : true,
+    "configure" : true,
+    "manage" : true
+  }
+}, {
+  "id" : "bef873f0-2079-4876-8657-067de27d01b7",
+  "clientId" : "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/metadata",
+  "surrogateAuthRequired" : false,
+  "enabled" : true,
+  "alwaysDisplayInConsole" : false,
+  "clientAuthenticatorType" : "client-secret",
+  "redirectUris" : [ "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/acs" ],
+  "webOrigins" : [ "https://nextcloud.[[DOMAIN]]" ],
+  "notBefore" : 0,
+  "bearerOnly" : false,
+  "consentRequired" : false,
+  "standardFlowEnabled" : true,
+  "implicitFlowEnabled" : false,
+  "directAccessGrantsEnabled" : false,
+  "serviceAccountsEnabled" : false,
+  "publicClient" : false,
+  "frontchannelLogout" : true,
+  "protocol" : "saml",
+  "attributes" : {
+    "saml.assertion.signature" : "true",
+    "saml.force.post.binding" : "true",
+    "saml_assertion_consumer_url_post" : "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/acs",
+    "saml.server.signature" : "true",
+    "saml.server.signature.keyinfo.ext" : "false",
+    "saml.signing.certificate" : "[[SIGNING_CERTIFICATE]]",
+    "saml_single_logout_service_url_redirect" : "https://nextcloud.[[DOMAIN]]/apps/user_saml/saml/sls",
+    "saml.signature.algorithm" : "RSA_SHA256",
+    "saml_force_name_id_format" : "false",
+    "saml.client.signature" : "true",
+    "saml.authnstatement" : "true",
+    "saml_name_id_format" : "username",
+    "saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#"
+  },
+  "authenticationFlowBindingOverrides" : { },
+  "fullScopeAllowed" : true,
+  "nodeReRegistrationTimeout" : -1,
+  "protocolMappers" : [ {
+    "id" : "e8e4acff-da2b-46aa-8bdb-ba42171671d6",
+    "name" : "username",
+    "protocol" : "saml",
+    "protocolMapper" : "saml-user-attribute-mapper",
+    "consentRequired" : false,
+    "config" : {
+      "attribute.nameformat" : "Basic",
+      "user.attribute" : "username",
+      "friendly.name" : "username",
+      "attribute.name" : "username"
+    }
+  }, {
+    "id" : "28206b59-757b-4e3c-81cb-0b6053b1fd3d",
+    "name" : "email",
+    "protocol" : "saml",
+    "protocolMapper" : "saml-user-property-mapper",
+    "consentRequired" : false,
+    "config" : {
+      "attribute.nameformat" : "Basic",
+      "user.attribute" : "email",
+      "friendly.name" : "email",
+      "attribute.name" : "email"
+    }
+  }, {
+    "id" : "e51e04b9-f71a-42de-819e-dd9285246ada",
+    "name" : "Roles",
+    "protocol" : "saml",
+    "protocolMapper" : "saml-role-list-mapper",
+    "consentRequired" : false,
+    "config" : {
+      "single" : "true",
+      "attribute.nameformat" : "Basic",
+      "friendly.name" : "Roles",
+      "attribute.name" : "Roles"
+    }
+  } ],
+  "defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
+  "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
+  "access" : {
+    "view" : true,
+    "configure" : true,
+    "manage" : true
+  }
+}, {
+  "id" : "78a85fd1-869d-4ba4-8391-5708f7d1abe6",
+  "clientId" : "master-realm",
+  "name" : "master Realm",
+  "surrogateAuthRequired" : false,
+  "enabled" : true,
+  "alwaysDisplayInConsole" : false,
+  "clientAuthenticatorType" : "client-secret",
+  "redirectUris" : [ ],
+  "webOrigins" : [ ],
+  "notBefore" : 0,
+  "bearerOnly" : true,
+  "consentRequired" : false,
+  "standardFlowEnabled" : true,
+  "implicitFlowEnabled" : false,
+  "directAccessGrantsEnabled" : false,
+  "serviceAccountsEnabled" : false,
+  "publicClient" : false,
+  "frontchannelLogout" : false,
+  "attributes" : { },
+  "authenticationFlowBindingOverrides" : { },
+  "fullScopeAllowed" : true,
+  "nodeReRegistrationTimeout" : 0,
+  "defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
+  "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
+  "access" : {
+    "view" : true,
+    "configure" : true,
+    "manage" : true
+  }
+}, {
+  "id" : "630601f8-25d1-4822-8741-c93affd2cd84",
+  "clientId" : "php-saml",
+  "surrogateAuthRequired" : false,
+  "enabled" : true,
+  "alwaysDisplayInConsole" : false,
+  "clientAuthenticatorType" : "client-secret",
+  "redirectUris" : [ "https://wp.[[DOMAIN]]/wp-login.php?saml_acs" ],
+  "webOrigins" : [ "https://wp.[[DOMAIN]]" ],
+  "notBefore" : 0,
+  "bearerOnly" : false,
+  "consentRequired" : false,
+  "standardFlowEnabled" : true,
+  "implicitFlowEnabled" : false,
+  "directAccessGrantsEnabled" : false,
+  "serviceAccountsEnabled" : false,
+  "publicClient" : false,
+  "frontchannelLogout" : true,
+  "protocol" : "saml",
+  "attributes" : {
+    "saml.force.post.binding" : "true",
+    "saml_assertion_consumer_url_post" : "https://wp.[[DOMAIN]]/wp-login.php?saml_acs",
+    "saml.server.signature" : "true",
+    "saml.server.signature.keyinfo.ext" : "false",
+    "saml.signing.certificate" : "[[SIGNING_CERTIFICATE]]",
+    "saml_single_logout_service_url_redirect" : "https://wp.[[DOMAIN]]/wp-login.php?saml_sls",
+    "saml.signature.algorithm" : "RSA_SHA256",
+    "saml_force_name_id_format" : "false",
+    "saml.client.signature" : "true",
+    "saml.authnstatement" : "true",
+    "saml_name_id_format" : "username",
+    "saml_signature_canonicalization_method" : "http://www.w3.org/2001/10/xml-exc-c14n#"
+  },
+  "authenticationFlowBindingOverrides" : { },
+  "fullScopeAllowed" : true,
+  "nodeReRegistrationTimeout" : -1,
+  "protocolMappers" : [ {
+    "id" : "72c6175e-bd07-4c27-abd6-4e4ae38d834b",
+    "name" : "username",
+    "protocol" : "saml",
+    "protocolMapper" : "saml-user-attribute-mapper",
+    "consentRequired" : false,
+    "config" : {
+      "attribute.nameformat" : "Basic",
+      "user.attribute" : "username",
+      "friendly.name" : "username",
+      "attribute.name" : "username"
+    }
+  }, {
+    "id" : "abd6562f-4732-4da9-987f-b1a6ad6605fa",
+    "name" : "roles",
+    "protocol" : "saml",
+    "protocolMapper" : "saml-role-list-mapper",
+    "consentRequired" : false,
+    "config" : {
+      "single" : "true",
+      "attribute.nameformat" : "Basic",
+      "friendly.name" : "Roles",
+      "attribute.name" : "Role"
+    }
+  }, {
+    "id" : "50aafb71-d91c-4bc7-bb60-e1ae0222aab3",
+    "name" : "email",
+    "protocol" : "saml",
+    "protocolMapper" : "saml-user-property-mapper",
+    "consentRequired" : false,
+    "config" : {
+      "attribute.nameformat" : "Basic",
+      "user.attribute" : "email",
+      "friendly.name" : "email",
+      "attribute.name" : "email"
+    }
+  } ],
+  "defaultClientScopes" : [ "web-origins", "role_list", "roles", "profile", "email" ],
+  "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
+  "access" : {
+    "view" : true,
+    "configure" : true,
+    "manage" : true
+  }
+} ]

init/keycloak/jsons/realm.json

@@ -0,0 +1,108 @@
+{
+  "id" : "master",
+  "realm" : "master",
+  "displayName" : "Keycloak",
+  "displayNameHtml" : "<div class=\"kc-logo-text\"><span>Keycloak</span></div>",
+  "notBefore" : 0,
+  "revokeRefreshToken" : false,
+  "refreshTokenMaxReuse" : 0,
+  "accessTokenLifespan" : 60,
+  "accessTokenLifespanForImplicitFlow" : 900,
+  "ssoSessionIdleTimeout" : 1800,
+  "ssoSessionMaxLifespan" : 36000,
+  "ssoSessionIdleTimeoutRememberMe" : 0,
+  "ssoSessionMaxLifespanRememberMe" : 0,
+  "offlineSessionIdleTimeout" : 2592000,
+  "offlineSessionMaxLifespanEnabled" : false,
+  "offlineSessionMaxLifespan" : 5184000,
+  "clientSessionIdleTimeout" : 0,
+  "clientSessionMaxLifespan" : 0,
+  "clientOfflineSessionIdleTimeout" : 0,
+  "clientOfflineSessionMaxLifespan" : 0,
+  "accessCodeLifespan" : 60,
+  "accessCodeLifespanUserAction" : 300,
+  "accessCodeLifespanLogin" : 1800,
+  "actionTokenGeneratedByAdminLifespan" : 43200,
+  "actionTokenGeneratedByUserLifespan" : 300,
+  "enabled" : true,
+  "sslRequired" : "external",
+  "registrationAllowed" : false,
+  "registrationEmailAsUsername" : false,
+  "rememberMe" : false,
+  "verifyEmail" : false,
+  "loginWithEmailAllowed" : true,
+  "duplicateEmailsAllowed" : false,
+  "resetPasswordAllowed" : false,
+  "editUsernameAllowed" : false,
+  "bruteForceProtected" : false,
+  "permanentLockout" : false,
+  "maxFailureWaitSeconds" : 900,
+  "minimumQuickLoginWaitSeconds" : 60,
+  "waitIncrementSeconds" : 60,
+  "quickLoginCheckMilliSeconds" : 1000,
+  "maxDeltaTimeSeconds" : 43200,
+  "failureFactor" : 30,
+  "defaultRoles" : [ "offline_access", "uma_authorization" ],
+  "requiredCredentials" : [ "password" ],
+  "otpPolicyType" : "totp",
+  "otpPolicyAlgorithm" : "HmacSHA1",
+  "otpPolicyInitialCounter" : 0,
+  "otpPolicyDigits" : 6,
+  "otpPolicyLookAheadWindow" : 1,
+  "otpPolicyPeriod" : 30,
+  "otpSupportedApplications" : [ "FreeOTP", "Google Authenticator" ],
+  "webAuthnPolicyRpEntityName" : "keycloak",
+  "webAuthnPolicySignatureAlgorithms" : [ "ES256" ],
+  "webAuthnPolicyRpId" : "",
+  "webAuthnPolicyAttestationConveyancePreference" : "not specified",
+  "webAuthnPolicyAuthenticatorAttachment" : "not specified",
+  "webAuthnPolicyRequireResidentKey" : "not specified",
+  "webAuthnPolicyUserVerificationRequirement" : "not specified",
+  "webAuthnPolicyCreateTimeout" : 0,
+  "webAuthnPolicyAvoidSameAuthenticatorRegister" : false,
+  "webAuthnPolicyAcceptableAaguids" : [ ],
+  "webAuthnPolicyPasswordlessRpEntityName" : "keycloak",
+  "webAuthnPolicyPasswordlessSignatureAlgorithms" : [ "ES256" ],
+  "webAuthnPolicyPasswordlessRpId" : "",
+  "webAuthnPolicyPasswordlessAttestationConveyancePreference" : "not specified",
+  "webAuthnPolicyPasswordlessAuthenticatorAttachment" : "not specified",
+  "webAuthnPolicyPasswordlessRequireResidentKey" : "not specified",
+  "webAuthnPolicyPasswordlessUserVerificationRequirement" : "not specified",
+  "webAuthnPolicyPasswordlessCreateTimeout" : 0,
+  "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister" : false,
+  "webAuthnPolicyPasswordlessAcceptableAaguids" : [ ],
+  "browserSecurityHeaders" : {
+    "contentSecurityPolicyReportOnly" : "",
+    "xContentTypeOptions" : "nosniff",
+    "xRobotsTag" : "none",
+    "xFrameOptions" : "SAMEORIGIN",
+    "contentSecurityPolicy" : "frame-src 'self'; frame-ancestors *; object-src 'none';",
+    "xXSSProtection" : "1; mode=block",
+    "strictTransportSecurity" : "max-age=31536000; includeSubDomains"
+  },
+  "smtpServer" : { },
+  "loginTheme" : "liiibrelite",
+  "accountTheme" : "account-avatar",
+  "eventsEnabled" : false,
+  "eventsListeners" : [ "jboss-logging" ],
+  "enabledEventTypes" : [ ],
+  "adminEventsEnabled" : false,
+  "adminEventsDetailsEnabled" : false,
+  "identityProviders" : [ ],
+  "identityProviderMappers" : [ ],
+  "internationalizationEnabled" : false,
+  "supportedLocales" : [ "" ],
+  "browserFlow" : "browser",
+  "registrationFlow" : "registration",
+  "directGrantFlow" : "direct grant",
+  "resetCredentialsFlow" : "reset credentials",
+  "clientAuthenticationFlow" : "clients",
+  "dockerAuthenticationFlow" : "docker auth",
+  "attributes" : {
+    "clientOfflineSessionMaxLifespan" : "0",
+    "clientSessionIdleTimeout" : "0",
+    "clientSessionMaxLifespan" : "0",
+    "clientOfflineSessionIdleTimeout" : "0"
+  },
+  "userManagedAccessAllowed" : false
+}