Skip to content

Instantly share code, notes, and snippets.

@gamemaker1

gamemaker1/application.yaml Secret

Last active October 2, 2021 17:22
Show Gist options
  • Save gamemaker1/055875c27d3af1bb27c408223b390767 to your computer and use it in GitHub Desktop.
Save gamemaker1/055875c27d3af1bb27c408223b390767 to your computer and use it in GitHub Desktop.
Download ZIP
Registry setup
Raw
application.yaml
spring:
profiles.active: dev
---
spring:
main:
allow-bean-definition-overriding: true
profiles: dev
servlet:
multipart:
enabled: true
max-file-size: 128MB
max-request-size: 128MB
output:
ansi:
enabled: always
name: dev-yaml
enviroment: development
server:
port: 8081
notification:
service:
connection_url: http://localhost:8765/divoc/notification-service/v1/notification
cors:
allowedOrigin: '*'
perf:
monitoring:
enabled: false
registry:
baseAPIS:
enable: false
internalentities: ''
externalentities: ''
context:
base: http://localhost:8081/
system:
base: http://localhost:8081/opensaber/
rootEntity:
type: Teacher
schema:
url: http://localhost:8081/_schemas/
conditionalAccess:
internal: _internal
private: _private
search:
offset: 0
limit: 2000
expandInternal: true
providerName: io.opensaber.registry.service.ElasticSearchService
read:
providerName: io.opensaber.registry.service.NativeReadService
database:
uuidPropertyName: osid
provider: SQLG
shardProperty: none
shardAdvisorClassName: io.opensaber.registry.sink.shard.DefaultShardAdvisor
connectionInfo:
- shardId: shard1
shardLabel: 1
uri: jdbc:postgresql://localhost:5432/registry
username: postgres
password: postgres
frame:
file: frame.json
encryption:
enabled: false
base: http://localhost:8013
uri: http://localhost:8013/encrypt
batch:
uri: http://localhost:8013/encrypt/obj
decryption:
uri: http://localhost:8013/decrypt
batch:
uri: http://localhost:8013/decrypt/obj
signature:
enabled: false
healthCheckURL: http://localhost:8013/
signURL: http://localhost:8013/sign
verifyURL: http://localhost:8013/verify
keysURL: http://localhost:8013/keys/
domain: https://w3id.org/security/v1/
schema:
config:
name: SignatureShape
audit:
enabled: false
frame:
store: DATABASE
suffix: Audit
suffixSeparator: _
keycloak:
auth-server-url: http://localhost:8080/auth
realm: sunbird
resource: sunbird
keycloak-admin:
client-id: sunbird
client-secret: ddcd9ae6-10a6-496c-96cc-158d64edc9e8
keycloak-user:
default-password: test
claims:
url: http://localhost:8081
authentication:
enabled: false
publicKey: xxxx
realm:
url: http://localhost:8443/auth
validation:
enabled: true
type: json
service:
connection:
timeout: 5000
request:
timeout: 5000
read:
timeout: 5000
retry:
maxAttempts: 5
backoff:
delay: 1000
taskExecutor:
index:
threadPoolName: IndexThread-
corePoolSize: 2
maxPoolSize: 2
queueCapacity: 3
auditTaskExecutor:
threadPoolName: AuditThread-
corePoolSize: 2
maxPoolSize: 2
queueCapacity: 3
elastic:
search:
enabled: false
connection_url: http://localhost:9200
filestorage:
url: http://localhost:9500
accesskey: XXXXX
secretkey: XXXXX
bucketname: dummy
Raw
docker-compose.standalone.yaml
version: '3.9'
services:
es:
container_name: es
image: docker.elastic.co/elasticsearch/elasticsearch:7.10.1
environment:
- discovery.type=single-node
- 'ES_JAVA_OPTS=-Xms512m -Xmx512m'
ports:
- '9200:9200'
- '9300:9300'
db:
container_name: db
image: postgres
ports:
- '5432:5432'
environment:
- POSTGRES_DB=registry
- POSTGRES_USER=postgres
- POSTGRES_PASSWORD=postgres
keycloak:
container_name: kc
image: dockerhub/keycloak:1.23.3-generic
environment:
- DB_VENDOR=postgres
- DB_ADDR=db
- DB_PORT=5432
- DB_DATABASE=registry
- DB_USER=postgres
- DB_PASSWORD=postgres
- KEYCLOAK_USER=admin
- KEYCLOAK_PASSWORD=admin
ports:
- '8080:8080'
- '9990:9990'
registry:
container_name: rg
image: openjdk:8
ports:
- '8081:8081'
volumes:
- ./sources/core/java/registry/target/registry.jar:/registry.jar
command:
java -jar -Xms1024m -Xmx2048m -XX:+UseG1GC -XX:+UseGCLogFileRotation
-XX:NumberOfGCLogFiles=5 -XX:GCLogFileSize=50M
-Xloggc:logs/opensaber_gc.log /registry.jar
environment:
- sunbird_sso_url=http://kc:8080/auth
- sunbird_sso_realm=sunbird
- sunbird_sso_client_id=sunbird
- sunbird_sso_client_secret=ede412c7-08e3-4916-9aa4-28cc406ee112
- connectionInfo_uri=jdbc:postgresql://db:5432/registry
- connectionInfo_username=postgres
- connectionInfo_password=postgres
Raw
docker-compose.yaml
version: '3.9'
services:
es:
image: docker.elastic.co/elasticsearch/elasticsearch:7.10.1
environment:
- discovery.type=single-node
- 'ES_JAVA_OPTS=-Xms512m -Xmx512m'
ports:
- '9200:9200'
- '9300:9300'
healthcheck:
test: ['CMD', 'curl', '-f', 'localhost:9200/_cluster/health']
interval: 30s
timeout: 10s
retries: 4
db:
image: postgres
ports:
- '5432:5432'
environment:
- POSTGRES_DB=registry
- POSTGRES_USER=postgres
- POSTGRES_PASSWORD=postgres
keycloak:
image: dockerhub/keycloak:1.23.3-generic
environment:
- DB_VENDOR=postgres
- DB_ADDR=db
- DB_PORT=5432
- DB_DATABASE=registry
- DB_USER=postgres
- DB_PASSWORD=postgres
- KEYCLOAK_USER=admin
- KEYCLOAK_PASSWORD=admin
healthcheck:
test: ['CMD', 'curl', '-f', 'http://localhost:9990']
interval: 30s
timeout: 10s
retries: 4
ports:
- '8080:8080'
- '9990:9990'
depends_on:
- db
Raw
realm-export.json
{
"id": "sunbird",
"realm": "sunbird",
"notBefore": 0,
"revokeRefreshToken": false,
"refreshTokenMaxReuse": 0,
"accessTokenLifespan": 300,
"accessTokenLifespanForImplicitFlow": 900,
"ssoSessionIdleTimeout": 1800,
"ssoSessionMaxLifespan": 36000,
"ssoSessionIdleTimeoutRememberMe": 0,
"ssoSessionMaxLifespanRememberMe": 0,
"offlineSessionIdleTimeout": 2592000,
"offlineSessionMaxLifespanEnabled": false,
"offlineSessionMaxLifespan": 5184000,
"clientSessionIdleTimeout": 0,
"clientSessionMaxLifespan": 0,
"clientOfflineSessionIdleTimeout": 0,
"clientOfflineSessionMaxLifespan": 0,
"accessCodeLifespan": 60,
"accessCodeLifespanUserAction": 300,
"accessCodeLifespanLogin": 1800,
"actionTokenGeneratedByAdminLifespan": 43200,
"actionTokenGeneratedByUserLifespan": 300,
"enabled": true,
"sslRequired": "external",
"registrationAllowed": true,
"registrationEmailAsUsername": false,
"rememberMe": false,
"verifyEmail": false,
"loginWithEmailAllowed": true,
"duplicateEmailsAllowed": false,
"resetPasswordAllowed": false,
"editUsernameAllowed": false,
"bruteForceProtected": false,
"permanentLockout": false,
"maxFailureWaitSeconds": 900,
"minimumQuickLoginWaitSeconds": 60,
"waitIncrementSeconds": 60,
"quickLoginCheckMilliSeconds": 1000,
"maxDeltaTimeSeconds": 43200,
"failureFactor": 30,
"roles": {
"realm": [
{
"id": "3d62b698-228f-484d-8b87-68c967ae3d0b",
"name": "offline_access",
"description": "${role_offline-access}",
"composite": false,
"clientRole": false,
"containerId": "sunbird",
"attributes": {}
},
{
"id": "70982ff5-246c-4333-9301-edd1f4e545be",
"name": "uma_authorization",
"description": "${role_uma_authorization}",
"composite": false,
"clientRole": false,
"containerId": "sunbird",
"attributes": {}
}
],
"client": {
"realm-management": [
{
"id": "caa97cac-da7e-4a5d-aae2-3331ae4040ca",
"name": "view-users",
"description": "${role_view-users}",
"composite": true,
"composites": {
"client": {
"realm-management": [
"query-users",
"query-groups"
]
}
},
"clientRole": true,
"containerId": "492a4d2a-7e14-4602-a588-565912ade32a",
"attributes": {}
},
{
"id": "1491e380-0029-4ba5-8544-b83c7410761a",
"name": "view-events",
"description": "${role_view-events}",
"composite": false,
"clientRole": true,
"containerId": "492a4d2a-7e14-4602-a588-565912ade32a",
"attributes": {}
},
{
"id": "237b55e1-bd72-45db-93d7-c8f3a401664e",
"name": "query-clients",
"description": "${role_query-clients}",
"composite": false,
"clientRole": true,
"containerId": "492a4d2a-7e14-4602-a588-565912ade32a",
"attributes": {}
},
{
"id": "e921b552-178e-4e99-89ed-da55e45c0151",
"name": "manage-realm",
"description": "${role_manage-realm}",
"composite": false,
"clientRole": true,
"containerId": "492a4d2a-7e14-4602-a588-565912ade32a",
"attributes": {}
},
{
"id": "9e2eb56b-c75c-4bdb-8a08-37d6ff418ebb",
"name": "manage-events",
"description": "${role_manage-events}",
"composite": false,
"clientRole": true,
"containerId": "492a4d2a-7e14-4602-a588-565912ade32a",
"attributes": {}
},
{
"id": "f94e0523-bdd1-4c45-b9f0-35a56cfcf906",
"name": "manage-clients",
"description": "${role_manage-clients}",
"composite": false,
"clientRole": true,
"containerId": "492a4d2a-7e14-4602-a588-565912ade32a",
"attributes": {}
},
{
"id": "b49d8667-b9b8-4788-830e-381ccbe8176a",
"name": "query-realms",
"description": "${role_query-realms}",
"composite": false,
"clientRole": true,
"containerId": "492a4d2a-7e14-4602-a588-565912ade32a",
"attributes": {}
},
{
"id": "5e9f3e38-d37f-4e66-b8dd-013bb707f529",
"name": "query-groups",
"description": "${role_query-groups}",
"composite": false,
"clientRole": true,
"containerId": "492a4d2a-7e14-4602-a588-565912ade32a",
"attributes": {}
},
{
"id": "13729c44-366b-43d4-9f6a-b540229a6272",
"name": "manage-identity-providers",
"description": "${role_manage-identity-providers}",
"composite": false,
"clientRole": true,
"containerId": "492a4d2a-7e14-4602-a588-565912ade32a",
"attributes": {}
},
{
"id": "fea5f090-af72-4850-9242-c874eb8b078f",
"name": "impersonation",
"description": "${role_impersonation}",
"composite": false,
"clientRole": true,
"containerId": "492a4d2a-7e14-4602-a588-565912ade32a",
"attributes": {}
},
{
"id": "8490aabe-bc55-46f3-b83a-3c2b55091df3",
"name": "manage-authorization",
"description": "${role_manage-authorization}",
"composite": false,
"clientRole": true,
"containerId": "492a4d2a-7e14-4602-a588-565912ade32a",
"attributes": {}
},
{
"id": "df64983a-1bf4-4357-b5d0-03c2d34cdefc",
"name": "view-authorization",
"description": "${role_view-authorization}",
"composite": false,
"clientRole": true,
"containerId": "492a4d2a-7e14-4602-a588-565912ade32a",
"attributes": {}
},
{
"id": "ea7beac0-b515-488e-912a-d6688d92cd9a",
"name": "view-clients",
"description": "${role_view-clients}",
"composite": true,
"composites": {
"client": {
"realm-management": [
"query-clients"
]
}
},
"clientRole": true,
"containerId": "492a4d2a-7e14-4602-a588-565912ade32a",
"attributes": {}
},
{
"id": "ff267c43-3d0c-4143-ab1e-072e8c05a987",
"name": "query-users",
"description": "${role_query-users}",
"composite": false,
"clientRole": true,
"containerId": "492a4d2a-7e14-4602-a588-565912ade32a",
"attributes": {}
},
{
"id": "d6bc4764-2609-44ec-8cab-0019f6bdaec6",
"name": "view-realm",
"description": "${role_view-realm}",
"composite": false,
"clientRole": true,
"containerId": "492a4d2a-7e14-4602-a588-565912ade32a",
"attributes": {}
},
{
"id": "fe13de99-78e5-4b9f-82d3-b71221e58624",
"name": "view-identity-providers",
"description": "${role_view-identity-providers}",
"composite": false,
"clientRole": true,
"containerId": "492a4d2a-7e14-4602-a588-565912ade32a",
"attributes": {}
},
{
"id": "90527d26-de29-46fc-a788-1ad8920e2f3b",
"name": "realm-admin",
"description": "${role_realm-admin}",
"composite": true,
"composites": {
"client": {
"realm-management": [
"view-users",
"view-events",
"query-clients",
"manage-realm",
"manage-events",
"manage-clients",
"query-realms",
"query-groups",
"manage-identity-providers",
"impersonation",
"manage-authorization",
"view-authorization",
"view-clients",
"query-users",
"view-realm",
"view-identity-providers",
"create-client",
"manage-users"
]
}
},
"clientRole": true,
"containerId": "492a4d2a-7e14-4602-a588-565912ade32a",
"attributes": {}
},
{
"id": "a0e03543-7eb5-40da-aa6d-7904e1087074",
"name": "create-client",
"description": "${role_create-client}",
"composite": false,
"clientRole": true,
"containerId": "492a4d2a-7e14-4602-a588-565912ade32a",
"attributes": {}
},
{
"id": "b7cef0ba-d3ed-4b2e-aea5-d8dc9d04877f",
"name": "manage-users",
"description": "${role_manage-users}",
"composite": false,
"clientRole": true,
"containerId": "492a4d2a-7e14-4602-a588-565912ade32a",
"attributes": {}
}
],
"security-admin-console": [],
"admin-cli": [],
"sunbird": [
{
"id": "873b127b-2c29-4828-be41-e5cce718d026",
"name": "uma_protection",
"composite": false,
"clientRole": true,
"containerId": "c8069a2e-9004-4a85-8dbc-2751984d3fc5",
"attributes": {}
}
],
"account-console": [],
"broker": [
{
"id": "23e000c8-61b2-49fc-ac52-7624139ab08b",
"name": "read-token",
"description": "${role_read-token}",
"composite": false,
"clientRole": true,
"containerId": "23f870cd-257f-4c26-992d-493c2df55b53",
"attributes": {}
}
],
"account": [
{
"id": "0e2aacdf-25b2-4cfd-903e-125549ad8190",
"name": "view-profile",
"description": "${role_view-profile}",
"composite": false,
"clientRole": true,
"containerId": "924ebeca-88d6-48a2-9683-4e97eb2377d8",
"attributes": {}
},
{
"id": "96fbe8c3-b8de-4aab-a07c-ba73785aa450",
"name": "manage-account-links",
"description": "${role_manage-account-links}",
"composite": false,
"clientRole": true,
"containerId": "924ebeca-88d6-48a2-9683-4e97eb2377d8",
"attributes": {}
},
{
"id": "aa89f500-487a-4cc5-9780-763dec8d0da5",
"name": "manage-account",
"description": "${role_manage-account}",
"composite": true,
"composites": {
"client": {
"account": [
"manage-account-links"
]
}
},
"clientRole": true,
"containerId": "924ebeca-88d6-48a2-9683-4e97eb2377d8",
"attributes": {}
},
{
"id": "639d5575-0ea1-47a1-87f5-d1b665e2e655",
"name": "view-consent",
"description": "${role_view-consent}",
"composite": false,
"clientRole": true,
"containerId": "924ebeca-88d6-48a2-9683-4e97eb2377d8",
"attributes": {}
},
{
"id": "226973a9-6c08-4f43-a1d2-cc487e9cc928",
"name": "view-applications",
"description": "${role_view-applications}",
"composite": false,
"clientRole": true,
"containerId": "924ebeca-88d6-48a2-9683-4e97eb2377d8",
"attributes": {}
},
{
"id": "224c5b29-5826-4cc4-9f41-a064121fd43f",
"name": "manage-consent",
"description": "${role_manage-consent}",
"composite": true,
"composites": {
"client": {
"account": [
"view-consent"
]
}
},
"clientRole": true,
"containerId": "924ebeca-88d6-48a2-9683-4e97eb2377d8",
"attributes": {}
}
]
}
},
"groups": [],
"defaultRoles": [
"offline_access",
"uma_authorization"
],
"requiredCredentials": [
"password"
],
"otpPolicyType": "totp",
"otpPolicyAlgorithm": "HmacSHA1",
"otpPolicyInitialCounter": 0,
"otpPolicyDigits": 6,
"otpPolicyLookAheadWindow": 1,
"otpPolicyPeriod": 30,
"otpSupportedApplications": [
"FreeOTP",
"Google Authenticator"
],
"webAuthnPolicyRpEntityName": "keycloak",
"webAuthnPolicySignatureAlgorithms": [
"ES256"
],
"webAuthnPolicyRpId": "",
"webAuthnPolicyAttestationConveyancePreference": "not specified",
"webAuthnPolicyAuthenticatorAttachment": "not specified",
"webAuthnPolicyRequireResidentKey": "not specified",
"webAuthnPolicyUserVerificationRequirement": "not specified",
"webAuthnPolicyCreateTimeout": 0,
"webAuthnPolicyAvoidSameAuthenticatorRegister": false,
"webAuthnPolicyAcceptableAaguids": [],
"webAuthnPolicyPasswordlessRpEntityName": "keycloak",
"webAuthnPolicyPasswordlessSignatureAlgorithms": [
"ES256"
],
"webAuthnPolicyPasswordlessRpId": "",
"webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified",
"webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified",
"webAuthnPolicyPasswordlessRequireResidentKey": "not specified",
"webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified",
"webAuthnPolicyPasswordlessCreateTimeout": 0,
"webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false,
"webAuthnPolicyPasswordlessAcceptableAaguids": [],
"users": [
{
"id": "d717e382-7a5c-4e7c-8ab6-eb7b2631612e",
"createdTimestamp": 1633171909256,
"username": "service-account-sunbird",
"enabled": true,
"totp": false,
"emailVerified": false,
"serviceAccountClientId": "sunbird",
"disableableCredentialTypes": [],
"requiredActions": [],
"realmRoles": [
"offline_access",
"uma_authorization"
],
"clientRoles": {
"sunbird": [
"uma_protection"
],
"account": [
"view-profile",
"manage-account"
]
},
"notBefore": 0,
"groups": []
}
],
"scopeMappings": [
{
"clientScope": "offline_access",
"roles": [
"offline_access"
]
}
],
"clientScopeMappings": {
"account": [
{
"client": "account-console",
"roles": [
"manage-account"
]
}
]
},
"clients": [
{
"id": "924ebeca-88d6-48a2-9683-4e97eb2377d8",
"clientId": "account",
"name": "${client_account}",
"rootUrl": "${authBaseUrl}",
"baseUrl": "/realms/sunbird/account/",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"secret": "**********",
"defaultRoles": [
"view-profile",
"manage-account"
],
"redirectUris": [
"/realms/sunbird/account/*"
],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"defaultClientScopes": [
"web-origins",
"role_list",
"roles",
"profile",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
]
},
{
"id": "4e73b2c7-ea70-45a4-9d28-63e9158d234d",
"clientId": "account-console",
"name": "${client_account-console}",
"rootUrl": "${authBaseUrl}",
"baseUrl": "/realms/sunbird/account/",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"secret": "**********",
"redirectUris": [
"/realms/sunbird/account/*"
],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": true,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"pkce.code.challenge.method": "S256"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"protocolMappers": [
{
"id": "fb2b2d91-0391-4e7b-b558-2d4363ce6c62",
"name": "audience resolve",
"protocol": "openid-connect",
"protocolMapper": "oidc-audience-resolve-mapper",
"consentRequired": false,
"config": {}
}
],
"defaultClientScopes": [
"web-origins",
"role_list",
"roles",
"profile",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
]
},
{
"id": "c219f367-c597-438a-b9a4-4caee0816106",
"clientId": "admin-cli",
"name": "${client_admin-cli}",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"secret": "**********",
"redirectUris": [],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": false,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": false,
"publicClient": true,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"defaultClientScopes": [
"web-origins",
"role_list",
"roles",
"profile",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
]
},
{
"id": "23f870cd-257f-4c26-992d-493c2df55b53",
"clientId": "broker",
"name": "${client_broker}",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"secret": "**********",
"redirectUris": [],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"defaultClientScopes": [
"web-origins",
"role_list",
"roles",
"profile",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
]
},
{
"id": "492a4d2a-7e14-4602-a588-565912ade32a",
"clientId": "realm-management",
"name": "${client_realm-management}",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"secret": "**********",
"redirectUris": [],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": true,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"defaultClientScopes": [
"web-origins",
"role_list",
"roles",
"profile",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
]
},
{
"id": "4a6a13aa-7b10-4d84-83fb-5eb0c18177f2",
"clientId": "security-admin-console",
"name": "${client_security-admin-console}",
"rootUrl": "${authAdminUrl}",
"baseUrl": "/admin/sunbird/console/",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"secret": "**********",
"redirectUris": [
"/admin/sunbird/console/*"
],
"webOrigins": [
"+"
],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": true,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"pkce.code.challenge.method": "S256"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": false,
"nodeReRegistrationTimeout": 0,
"protocolMappers": [
{
"id": "dcbe3b7d-4b39-4c6a-a2b7-98e16dc37357",
"name": "locale",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "locale",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "locale",
"jsonType.label": "String"
}
}
],
"defaultClientScopes": [
"web-origins",
"role_list",
"roles",
"profile",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
]
},
{
"id": "c8069a2e-9004-4a85-8dbc-2751984d3fc5",
"clientId": "sunbird",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"secret": "**********",
"redirectUris": [
"http://localhost:8081/sso/login"
],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": true,
"authorizationServicesEnabled": true,
"publicClient": false,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"saml.assertion.signature": "false",
"saml.force.post.binding": "false",
"saml.multivalued.roles": "false",
"saml.encrypt": "false",
"saml.server.signature": "false",
"saml.server.signature.keyinfo.ext": "false",
"exclude.session.state.from.auth.response": "false",
"saml_force_name_id_format": "false",
"saml.client.signature": "false",
"tls.client.certificate.bound.access.tokens": "false",
"saml.authnstatement": "false",
"display.on.consent.screen": "false",
"saml.onetimeuse.condition": "false"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"protocolMappers": [
{
"id": "4afc60fc-468f-498b-b3c9-b32047faf2bd",
"name": "Client Host",
"protocol": "openid-connect",
"protocolMapper": "oidc-usersessionmodel-note-mapper",
"consentRequired": false,
"config": {
"user.session.note": "clientHost",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "clientHost",
"jsonType.label": "String"
}
},
{
"id": "ace45035-c6b0-49cb-863f-d245df012013",
"name": "Client IP Address",
"protocol": "openid-connect",
"protocolMapper": "oidc-usersessionmodel-note-mapper",
"consentRequired": false,
"config": {
"user.session.note": "clientAddress",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "clientAddress",
"jsonType.label": "String"
}
},
{
"id": "1d91e494-227a-4ba4-bb61-a3329b11749e",
"name": "Client ID",
"protocol": "openid-connect",
"protocolMapper": "oidc-usersessionmodel-note-mapper",
"consentRequired": false,
"config": {
"user.session.note": "clientId",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "clientId",
"jsonType.label": "String"
}
}
],
"defaultClientScopes": [
"web-origins",
"role_list",
"roles",
"profile",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
],
"authorizationSettings": {
"allowRemoteResourceManagement": true,
"policyEnforcementMode": "ENFORCING",
"resources": [
{
"name": "Default Resource",
"type": "urn:sunbird:resources:default",
"ownerManagedAccess": false,
"attributes": {},
"_id": "5a621dfb-f4e1-495c-8c96-be7dc678ba94",
"uris": [
"/*"
]
}
],
"policies": [
{
"id": "d6e94886-721d-42c0-9332-977a9f6c0e47",
"name": "Default Policy",
"description": "A policy that grants access only for users within this realm",
"type": "js",
"logic": "POSITIVE",
"decisionStrategy": "AFFIRMATIVE",
"config": {
"code": "// by default, grants any permission associated with this policy\n$evaluation.grant();\n"
}
},
{
"id": "3ea48cf1-c64d-4e11-93f7-6bf102ef1537",
"name": "Default Permission",
"description": "A permission that applies to the default resource type",
"type": "resource",
"logic": "POSITIVE",
"decisionStrategy": "UNANIMOUS",
"config": {
"defaultResourceType": "urn:sunbird:resources:default",
"applyPolicies": "[\"Default Policy\"]"
}
}
],
"scopes": [],
"decisionStrategy": "UNANIMOUS"
}
}
],
"clientScopes": [
{
"id": "d0ce3460-d174-4fdb-a2e1-46249efa79c2",
"name": "offline_access",
"description": "OpenID Connect built-in scope: offline_access",
"protocol": "openid-connect",
"attributes": {
"consent.screen.text": "${offlineAccessScopeConsentText}",
"display.on.consent.screen": "true"
}
},
{
"id": "146a1dec-5231-4019-94b6-88bde7b7fbdd",
"name": "role_list",
"description": "SAML role list",
"protocol": "saml",
"attributes": {
"consent.screen.text": "${samlRoleListScopeConsentText}",
"display.on.consent.screen": "true"
},
"protocolMappers": [
{
"id": "8693a986-5410-4cda-bba9-b39bf280b60e",
"name": "role list",
"protocol": "saml",
"protocolMapper": "saml-role-list-mapper",
"consentRequired": false,
"config": {
"single": "false",
"attribute.nameformat": "Basic",
"attribute.name": "Role"
}
}
]
},
{
"id": "f9b761fd-0b5c-4041-9fca-ec1437f0ce15",
"name": "profile",
"description": "OpenID Connect built-in scope: profile",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true",
"consent.screen.text": "${profileScopeConsentText}"
},
"protocolMappers": [
{
"id": "03f1d057-4465-46db-a05e-3ac4d816546e",
"name": "family name",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "lastName",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "family_name",
"jsonType.label": "String"
}
},
{
"id": "3a0f8a57-d695-4970-b3f5-8f1a8b3e2d67",
"name": "picture",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "picture",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "picture",
"jsonType.label": "String"
}
},
{
"id": "27e3e84c-9c1f-4e3e-b403-a661d8ee5a4c",
"name": "gender",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "gender",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "gender",
"jsonType.label": "String"
}
},
{
"id": "a4adb4d9-af37-474d-bb7c-f34f8edc0a64",
"name": "updated at",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "updatedAt",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "updated_at",
"jsonType.label": "String"
}
},
{
"id": "33a54cf9-4db0-4637-b428-c6217f7295c2",
"name": "username",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "username",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "preferred_username",
"jsonType.label": "String"
}
},
{
"id": "465d0e1b-c9fb-4057-90ce-1a66ec3e4ec7",
"name": "given name",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "firstName",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "given_name",
"jsonType.label": "String"
}
},
{
"id": "ab9ccd9b-3e6d-4866-9892-f3fe67dbc2b6",
"name": "birthdate",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "birthdate",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "birthdate",
"jsonType.label": "String"
}
},
{
"id": "4b44f3a2-218a-4164-91e1-807fa481c676",
"name": "nickname",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "nickname",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "nickname",
"jsonType.label": "String"
}
},
{
"id": "9642ac8f-c5c1-41f1-a36c-19206fb3574b",
"name": "locale",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "locale",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "locale",
"jsonType.label": "String"
}
},
{
"id": "5cf6bee5-0305-432d-b886-9fd56f66b6f4",
"name": "full name",
"protocol": "openid-connect",
"protocolMapper": "oidc-full-name-mapper",
"consentRequired": false,
"config": {
"id.token.claim": "true",
"access.token.claim": "true",
"userinfo.token.claim": "true"
}
},
{
"id": "62a63591-b925-466a-a117-fa1400648e56",
"name": "website",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "website",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "website",
"jsonType.label": "String"
}
},
{
"id": "22bb9a7e-c311-4bf7-8f43-d66cc20f3d4e",
"name": "zoneinfo",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "zoneinfo",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "zoneinfo",
"jsonType.label": "String"
}
},
{
"id": "8f833493-b99d-41a7-9dee-69351721cba8",
"name": "profile",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "profile",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "profile",
"jsonType.label": "String"
}
},
{
"id": "07fd1983-8f16-4dac-9d80-bcd5d049a8af",
"name": "middle name",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "middleName",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "middle_name",
"jsonType.label": "String"
}
}
]
},
{
"id": "c68a41dc-c771-420e-85e1-cbb2712ef808",
"name": "email",
"description": "OpenID Connect built-in scope: email",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true",
"consent.screen.text": "${emailScopeConsentText}"
},
"protocolMappers": [
{
"id": "dbd189f4-617c-4a1e-8dbd-59803e967fec",
"name": "email",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "email",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "email",
"jsonType.label": "String"
}
},
{
"id": "f0eeef1e-17a7-4888-a5f8-f5bed5a19833",
"name": "email verified",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "emailVerified",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "email_verified",
"jsonType.label": "boolean"
}
}
]
},
{
"id": "60366cbc-0a39-471f-af08-376fc5574c4e",
"name": "address",
"description": "OpenID Connect built-in scope: address",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true",
"consent.screen.text": "${addressScopeConsentText}"
},
"protocolMappers": [
{
"id": "d68c8dba-0a1e-45c6-9459-3f831bb83b32",
"name": "address",
"protocol": "openid-connect",
"protocolMapper": "oidc-address-mapper",
"consentRequired": false,
"config": {
"user.attribute.formatted": "formatted",
"user.attribute.country": "country",
"user.attribute.postal_code": "postal_code",
"userinfo.token.claim": "true",
"user.attribute.street": "street",
"id.token.claim": "true",
"user.attribute.region": "region",
"access.token.claim": "true",
"user.attribute.locality": "locality"
}
}
]
},
{
"id": "ea000402-f64f-4eaf-8874-ecd1c7de96cb",
"name": "phone",
"description": "OpenID Connect built-in scope: phone",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "true",
"consent.screen.text": "${phoneScopeConsentText}"
},
"protocolMappers": [
{
"id": "3675aae1-ca6b-4e2f-9a01-1c807829d808",
"name": "phone number",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "phoneNumber",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "phone_number",
"jsonType.label": "String"
}
},
{
"id": "e90d106c-2947-4d45-bffd-1bbb6350e8a5",
"name": "phone number verified",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "phoneNumberVerified",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "phone_number_verified",
"jsonType.label": "boolean"
}
}
]
},
{
"id": "2bf2cb5a-613c-4cf3-b3f5-8d24b3f5698f",
"name": "roles",
"description": "OpenID Connect scope for add user roles to the access token",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "false",
"display.on.consent.screen": "true",
"consent.screen.text": "${rolesScopeConsentText}"
},
"protocolMappers": [
{
"id": "c9b01802-1cbf-471d-83d0-a5570a2a1a88",
"name": "client roles",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-client-role-mapper",
"consentRequired": false,
"config": {
"multivalued": "true",
"user.attribute": "foo",
"access.token.claim": "true",
"claim.name": "resource_access.${client_id}.roles",
"jsonType.label": "String"
}
},
{
"id": "1f0369d8-e781-4d6d-a3b0-aa3e1286582d",
"name": "audience resolve",
"protocol": "openid-connect",
"protocolMapper": "oidc-audience-resolve-mapper",
"consentRequired": false,
"config": {}
},
{
"id": "8e280f4e-683f-441c-bcd0-419557b908a5",
"name": "realm roles",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-realm-role-mapper",
"consentRequired": false,
"config": {
"multivalued": "true",
"user.attribute": "foo",
"access.token.claim": "true",
"claim.name": "realm_access.roles",
"jsonType.label": "String"
}
}
]
},
{
"id": "66c5c75a-49c5-4cb7-aec6-9344aafdab8a",
"name": "web-origins",
"description": "OpenID Connect scope for add allowed web origins to the access token",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "false",
"display.on.consent.screen": "false",
"consent.screen.text": ""
},
"protocolMappers": [
{
"id": "5822be07-721e-4cb8-8daf-dcec1db36fd6",
"name": "allowed web origins",
"protocol": "openid-connect",
"protocolMapper": "oidc-allowed-origins-mapper",
"consentRequired": false,
"config": {}
}
]
},
{
"id": "60cbc7bb-43e7-4396-84e8-0120547759d1",
"name": "microprofile-jwt",
"description": "Microprofile - JWT built-in scope",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"display.on.consent.screen": "false"
},
"protocolMappers": [
{
"id": "1405f51a-4638-42db-8a9e-441ea4251e05",
"name": "groups",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-realm-role-mapper",
"consentRequired": false,
"config": {
"multivalued": "true",
"user.attribute": "foo",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "groups",
"jsonType.label": "String"
}
},
{
"id": "f6b3393e-9278-4310-a1b1-518888b69c0e",
"name": "upn",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "username",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "upn",
"jsonType.label": "String"
}
}
]
}
],
"defaultDefaultClientScopes": [
"role_list",
"profile",
"email",
"roles",
"web-origins"
],
"defaultOptionalClientScopes": [
"offline_access",
"address",
"phone",
"microprofile-jwt"
],
"browserSecurityHeaders": {
"contentSecurityPolicyReportOnly": "",
"xContentTypeOptions": "nosniff",
"xRobotsTag": "none",
"xFrameOptions": "SAMEORIGIN",
"contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';",
"xXSSProtection": "1; mode=block",
"strictTransportSecurity": "max-age=31536000; includeSubDomains"
},
"smtpServer": {},
"eventsEnabled": false,
"eventsListeners": [
"jboss-logging"
],
"enabledEventTypes": [],
"adminEventsEnabled": false,
"adminEventsDetailsEnabled": false,
"components": {
"org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [
{
"id": "7fa13927-d9de-44c3-bb50-b6fb6e7e066a",
"name": "Allowed Protocol Mapper Types",
"providerId": "allowed-protocol-mappers",
"subType": "authenticated",
"subComponents": {},
"config": {
"allowed-protocol-mapper-types": [
"oidc-sha256-pairwise-sub-mapper",
"oidc-usermodel-attribute-mapper",
"oidc-address-mapper",
"oidc-full-name-mapper",
"saml-user-property-mapper",
"saml-user-attribute-mapper",
"saml-role-list-mapper",
"oidc-usermodel-property-mapper"
]
}
},
{
"id": "6630fbc5-a59f-4950-842a-11f0aa846a39",
"name": "Max Clients Limit",
"providerId": "max-clients",
"subType": "anonymous",
"subComponents": {},
"config": {
"max-clients": [
"200"
]
}
},
{
"id": "88a9648c-d09f-429b-af2a-cba2d96a46cb",
"name": "Allowed Client Scopes",
"providerId": "allowed-client-templates",
"subType": "anonymous",
"subComponents": {},
"config": {
"allow-default-scopes": [
"true"
]
}
},
{
"id": "0a51d3e7-7aa7-4985-a1b1-870cf5d988e1",
"name": "Trusted Hosts",
"providerId": "trusted-hosts",
"subType": "anonymous",
"subComponents": {},
"config": {
"host-sending-registration-request-must-match": [
"true"
],
"client-uris-must-match": [
"true"
]
}
},
{
"id": "1722c24d-6e5a-4ab7-bf61-7db71b50b993",
"name": "Consent Required",
"providerId": "consent-required",
"subType": "anonymous",
"subComponents": {},
"config": {}
},
{
"id": "222e182b-14e0-4e91-8f0c-bfbc036bc7ae",
"name": "Allowed Client Scopes",
"providerId": "allowed-client-templates",
"subType": "authenticated",
"subComponents": {},
"config": {
"allow-default-scopes": [
"true"
]
}
},
{
"id": "63346402-dd57-453d-9558-30e787e3e407",
"name": "Allowed Protocol Mapper Types",
"providerId": "allowed-protocol-mappers",
"subType": "anonymous",
"subComponents": {},
"config": {
"allowed-protocol-mapper-types": [
"oidc-full-name-mapper",
"oidc-sha256-pairwise-sub-mapper",
"oidc-usermodel-attribute-mapper",
"oidc-usermodel-property-mapper",
"saml-user-attribute-mapper",
"saml-user-property-mapper",
"oidc-address-mapper",
"saml-role-list-mapper"
]
}
},
{
"id": "4d1416a4-258b-4da8-81d1-4f9a11bdf5f3",
"name": "Full Scope Disabled",
"providerId": "scope",
"subType": "anonymous",
"subComponents": {},
"config": {}
}
],
"org.keycloak.keys.KeyProvider": [
{
"id": "f3f0b893-d3d7-49ed-9143-b3d79b107a1a",
"name": "rsa-generated",
"providerId": "rsa-generated",
"subComponents": {},
"config": {
"priority": [
"100"
]
}
},
{
"id": "3d4f6edf-00b6-4f41-851d-ff9992ef5876",
"name": "aes-generated",
"providerId": "aes-generated",
"subComponents": {},
"config": {
"priority": [
"100"
]
}
},
{
"id": "0a06e7c5-7574-4515-81c8-db8ed44eec4f",
"name": "hmac-generated",
"providerId": "hmac-generated",
"subComponents": {},
"config": {
"priority": [
"100"
],
"algorithm": [
"HS256"
]
}
}
]
},
"internationalizationEnabled": false,
"supportedLocales": [],
"authenticationFlows": [
{
"id": "40a3e792-dd34-4469-90ae-065e693e19bf",
"alias": "Account verification options",
"description": "Method with which to verity the existing account",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "idp-email-verification",
"requirement": "ALTERNATIVE",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"requirement": "ALTERNATIVE",
"priority": 20,
"flowAlias": "Verify Existing Account by Re-authentication",
"userSetupAllowed": false,
"autheticatorFlow": true
}
]
},
{
"id": "a2b6fbaf-1879-4d9e-8578-f37645939f19",
"alias": "Authentication Options",
"description": "Authentication options.",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "basic-auth",
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "basic-auth-otp",
"requirement": "DISABLED",
"priority": 20,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "auth-spnego",
"requirement": "DISABLED",
"priority": 30,
"userSetupAllowed": false,
"autheticatorFlow": false
}
]
},
{
"id": "d3ff51d3-fca0-4ae9-8922-c4f36eae81d5",
"alias": "Browser - Conditional OTP",
"description": "Flow to determine if the OTP is required for the authentication",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "conditional-user-configured",
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "auth-otp-form",
"requirement": "REQUIRED",
"priority": 20,
"userSetupAllowed": false,
"autheticatorFlow": false
}
]
},
{
"id": "a0399efd-9a67-4f9c-89ea-000d04bd48d1",
"alias": "Direct Grant - Conditional OTP",
"description": "Flow to determine if the OTP is required for the authentication",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "conditional-user-configured",
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "direct-grant-validate-otp",
"requirement": "REQUIRED",
"priority": 20,
"userSetupAllowed": false,
"autheticatorFlow": false
}
]
},
{
"id": "ae243456-b794-4fca-876d-60f216b5fca9",
"alias": "First broker login - Conditional OTP",
"description": "Flow to determine if the OTP is required for the authentication",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "conditional-user-configured",
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "auth-otp-form",
"requirement": "REQUIRED",
"priority": 20,
"userSetupAllowed": false,
"autheticatorFlow": false
}
]
},
{
"id": "c3c0f2b5-1821-4d9a-9c36-bf7266179a64",
"alias": "Handle Existing Account",
"description": "Handle what to do if there is existing account with same email/username like authenticated identity provider",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "idp-confirm-link",
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"requirement": "REQUIRED",
"priority": 20,
"flowAlias": "Account verification options",
"userSetupAllowed": false,
"autheticatorFlow": true
}
]
},
{
"id": "92c109df-78f2-4470-839c-61ac1bfe91c1",
"alias": "Reset - Conditional OTP",
"description": "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "conditional-user-configured",
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "reset-otp",
"requirement": "REQUIRED",
"priority": 20,
"userSetupAllowed": false,
"autheticatorFlow": false
}
]
},
{
"id": "490bfa05-9968-486d-ba13-303834a89e54",
"alias": "User creation or linking",
"description": "Flow for the existing/non-existing user alternatives",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticatorConfig": "create unique user config",
"authenticator": "idp-create-user-if-unique",
"requirement": "ALTERNATIVE",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"requirement": "ALTERNATIVE",
"priority": 20,
"flowAlias": "Handle Existing Account",
"userSetupAllowed": false,
"autheticatorFlow": true
}
]
},
{
"id": "340193ac-0619-4634-b12f-9b1586bde55b",
"alias": "Verify Existing Account by Re-authentication",
"description": "Reauthentication of existing account",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "idp-username-password-form",
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"requirement": "CONDITIONAL",
"priority": 20,
"flowAlias": "First broker login - Conditional OTP",
"userSetupAllowed": false,
"autheticatorFlow": true
}
]
},
{
"id": "0dceb04d-091f-4ebf-8a1a-4ab5eeaba573",
"alias": "browser",
"description": "browser based authentication",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "auth-cookie",
"requirement": "ALTERNATIVE",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "auth-spnego",
"requirement": "DISABLED",
"priority": 20,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "identity-provider-redirector",
"requirement": "ALTERNATIVE",
"priority": 25,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"requirement": "ALTERNATIVE",
"priority": 30,
"flowAlias": "forms",
"userSetupAllowed": false,
"autheticatorFlow": true
}
]
},
{
"id": "3002c324-794a-403e-8ff9-c803da46e231",
"alias": "clients",
"description": "Base authentication for clients",
"providerId": "client-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "client-secret",
"requirement": "ALTERNATIVE",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "client-jwt",
"requirement": "ALTERNATIVE",
"priority": 20,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "client-secret-jwt",
"requirement": "ALTERNATIVE",
"priority": 30,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "client-x509",
"requirement": "ALTERNATIVE",
"priority": 40,
"userSetupAllowed": false,
"autheticatorFlow": false
}
]
},
{
"id": "00225636-67c3-47d8-a320-0626083d9695",
"alias": "direct grant",
"description": "OpenID Connect Resource Owner Grant",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "direct-grant-validate-username",
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "direct-grant-validate-password",
"requirement": "REQUIRED",
"priority": 20,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"requirement": "CONDITIONAL",
"priority": 30,
"flowAlias": "Direct Grant - Conditional OTP",
"userSetupAllowed": false,
"autheticatorFlow": true
}
]
},
{
"id": "f025db2b-1fff-4db7-8cd8-dbd2eb69c456",
"alias": "docker auth",
"description": "Used by Docker clients to authenticate against the IDP",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "docker-http-basic-authenticator",
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
}
]
},
{
"id": "32cc2395-bf05-4d7f-a413-50edf4be660e",
"alias": "first broker login",
"description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticatorConfig": "review profile config",
"authenticator": "idp-review-profile",
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"requirement": "REQUIRED",
"priority": 20,
"flowAlias": "User creation or linking",
"userSetupAllowed": false,
"autheticatorFlow": true
}
]
},
{
"id": "5e3c4423-aecf-4096-9b3a-c0efb224afb8",
"alias": "forms",
"description": "Username, password, otp and other auth forms.",
"providerId": "basic-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "auth-username-password-form",
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"requirement": "CONDITIONAL",
"priority": 20,
"flowAlias": "Browser - Conditional OTP",
"userSetupAllowed": false,
"autheticatorFlow": true
}
]
},
{
"id": "a4070e9d-9720-46c5-aad8-6bdc0d542112",
"alias": "http challenge",
"description": "An authentication flow based on challenge-response HTTP Authentication Schemes",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "no-cookie-redirect",
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"requirement": "REQUIRED",
"priority": 20,
"flowAlias": "Authentication Options",
"userSetupAllowed": false,
"autheticatorFlow": true
}
]
},
{
"id": "7be86764-ccd5-4df1-a047-f258ea0088c8",
"alias": "registration",
"description": "registration flow",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "registration-page-form",
"requirement": "REQUIRED",
"priority": 10,
"flowAlias": "registration form",
"userSetupAllowed": false,
"autheticatorFlow": true
}
]
},
{
"id": "6ca83039-d6c8-4a80-8e62-6b837b5a25ac",
"alias": "registration form",
"description": "registration form",
"providerId": "form-flow",
"topLevel": false,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "registration-user-creation",
"requirement": "REQUIRED",
"priority": 20,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "registration-profile-action",
"requirement": "REQUIRED",
"priority": 40,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "registration-password-action",
"requirement": "REQUIRED",
"priority": 50,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "registration-recaptcha-action",
"requirement": "DISABLED",
"priority": 60,
"userSetupAllowed": false,
"autheticatorFlow": false
}
]
},
{
"id": "f833be97-c7ce-43eb-b409-e959d8c806b8",
"alias": "reset credentials",
"description": "Reset credentials for a user if they forgot their password or something",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "reset-credentials-choose-user",
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "reset-credential-email",
"requirement": "REQUIRED",
"priority": 20,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"authenticator": "reset-password",
"requirement": "REQUIRED",
"priority": 30,
"userSetupAllowed": false,
"autheticatorFlow": false
},
{
"requirement": "CONDITIONAL",
"priority": 40,
"flowAlias": "Reset - Conditional OTP",
"userSetupAllowed": false,
"autheticatorFlow": true
}
]
},
{
"id": "74010dd2-8a73-4727-bdce-bd7a5af32b0d",
"alias": "saml ecp",
"description": "SAML ECP Profile Authentication Flow",
"providerId": "basic-flow",
"topLevel": true,
"builtIn": true,
"authenticationExecutions": [
{
"authenticator": "http-basic-authenticator",
"requirement": "REQUIRED",
"priority": 10,
"userSetupAllowed": false,
"autheticatorFlow": false
}
]
}
],
"authenticatorConfig": [
{
"id": "775d88a0-b8a3-4eb8-acaa-730615a35099",
"alias": "create unique user config",
"config": {
"require.password.update.after.registration": "false"
}
},
{
"id": "e69684d4-8497-4693-b737-47130c18a669",
"alias": "review profile config",
"config": {
"update.profile.on.first.login": "missing"
}
}
],
"requiredActions": [
{
"alias": "CONFIGURE_TOTP",
"name": "Configure OTP",
"providerId": "CONFIGURE_TOTP",
"enabled": true,
"defaultAction": false,
"priority": 10,
"config": {}
},
{
"alias": "terms_and_conditions",
"name": "Terms and Conditions",
"providerId": "terms_and_conditions",
"enabled": false,
"defaultAction": false,
"priority": 20,
"config": {}
},
{
"alias": "UPDATE_PASSWORD",
"name": "Update Password",
"providerId": "UPDATE_PASSWORD",
"enabled": true,
"defaultAction": false,
"priority": 30,
"config": {}
},
{
"alias": "UPDATE_PROFILE",
"name": "Update Profile",
"providerId": "UPDATE_PROFILE",
"enabled": true,
"defaultAction": false,
"priority": 40,
"config": {}
},
{
"alias": "VERIFY_EMAIL",
"name": "Verify Email",
"providerId": "VERIFY_EMAIL",
"enabled": true,
"defaultAction": false,
"priority": 50,
"config": {}
},
{
"alias": "update_user_locale",
"name": "Update User Locale",
"providerId": "update_user_locale",
"enabled": true,
"defaultAction": false,
"priority": 1000,
"config": {}
}
],
"browserFlow": "browser",
"registrationFlow": "registration",
"directGrantFlow": "direct grant",
"resetCredentialsFlow": "reset credentials",
"clientAuthenticationFlow": "clients",
"dockerAuthenticationFlow": "docker auth",
"attributes": {
"clientOfflineSessionMaxLifespan": "0",
"clientSessionIdleTimeout": "0",
"clientSessionMaxLifespan": "0",
"clientOfflineSessionIdleTimeout": "0"
},
"keycloakVersion": "11.0.3",
"userManagedAccessAllowed": false
}
Raw
setup.sh
#!/bin/bash
# Create a directory
mkdir sunbird-rc-sources
cd $_
# Clone the sunbird repo
git clone https://github.com/Sunbird-RC/sunbird-rc-core.git core
# Fetch the docker-compose and config files
git clone https://gist.github.com/055875c27d3af1bb27c408223b390767.git tools
# Start postgress, elastic search and keycloak
cd tools/
docker-compose up -d db es keycloak
echo "Import sunbird-rc-sources/tools/realm-export.json as a new realm into the keycloak console on http://localhost:8080/auth/admin"
cd ../
# Build the registry jar
cd core/
./configure-dependencies.sh
cd java/
cp ../../tools/application.yaml ./registry/src/main/resources/application.yml
mvn clean install -DskipTests
java -jar registry/target/registry.jar
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment