keycloak-scim/examples/kerberos/kerberosrealm.json

94 lines
No EOL
4.1 KiB
JSON

{
"id": "kerberos-demo",
"realm": "kerberos-demo",
"enabled": true,
"sslRequired": "external",
"privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
"publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"requiredCredentials": [ "password", "kerberos" ],
"defaultRoles": [ "user" ],
"scopeMappings": [
{
"client": "kerberos-app",
"roles": [ "user" ]
}
],
"applications": [
{
"name": "kerberos-app",
"enabled": true,
"baseUrl": "/kerberos-portal",
"redirectUris": [
"/kerberos-portal/*"
],
"adminUrl": "/kerberos-portal",
"secret": "password",
"protocolMappers": [
{
"protocolMapper" : "oidc-usermodel-property-mapper",
"protocol" : "openid-connect",
"name" : "username",
"consentText" : "username",
"consentRequired" : true,
"config" : {
"Claim JSON Type" : "String",
"user.attribute" : "username",
"Token Claim Name" : "preferred_username",
"id.token.claim" : "true",
"access.token.claim" : "true"
}
},
{
"protocolMapper" : "oidc-usersessionmodel-note-mapper",
"protocol" : "openid-connect",
"name" : "gss delegation credential",
"consentText" : "gss delegation credential",
"consentRequired" : true,
"config" : {
"user.session.note" : "gss_delegation_credential",
"Token Claim Name" : "gss_delegation_credential",
"id.token.claim" : "false",
"access.token.claim" : "true"
}
}
]
}
],
"roles" : {
"realm" : [
{
"name": "user",
"description": "Have User privileges"
}
]
},
"userFederationProviders": [
{
"displayName": "kerberos-ldap-provider",
"providerName": "ldap",
"priority": 1,
"fullSyncPeriod": -1,
"changedSyncPeriod": -1,
"config": {
"syncRegistrations" : "false",
"userAccountControlsAfterPasswordUpdate" : "true",
"connectionPooling" : "true",
"pagination" : "true",
"allowKerberosAuthentication" : "true",
"debug" : "true",
"editMode" : "WRITABLE",
"vendor" : "other",
"usernameLDAPAttribute" : "uid",
"userObjectClasses" : "inetOrgPerson, organizationalPerson",
"connectionUrl" : "ldap://localhost:10389",
"baseDn" : "dc=keycloak,dc=org",
"userDnSuffix" : "ou=People,dc=keycloak,dc=org",
"bindDn" : "uid=admin,ou=system",
"bindCredential" : "secret",
"kerberosRealm" : "KEYCLOAK.ORG",
"serverPrincipal" : "HTTP/localhost@KEYCLOAK.ORG",
"keyTab" : "/tmp/http.keytab"
}
}
]
}