keycloak-scim/examples/ldap/ldaprealm.json
2016-12-13 18:31:26 +01:00


{
"id": "ldap-demo",
"realm": "ldap-demo",
"enabled": true,
"sslRequired": "external",
"privateKey": "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=",
"publicKey": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB",
"requiredCredentials": [ "password" ],
"clients": [
{
"clientId": "finance",
"enabled": true,
"bearerOnly": true
},
{
"clientId": "ldap-app",
"enabled": true,
"baseUrl": "/ldap-portal",
"redirectUris": [
"/ldap-portal/*"
],
"adminUrl": "/ldap-portal",
"secret": "password",
"fullScopeAllowed": true,
"protocolMappers": [
{
"protocolMapper" : "oidc-usermodel-property-mapper",
"protocol" : "openid-connect",
"name" : "username",
"consentText" : "${username}",
"consentRequired" : true,
"config" : {
"Claim JSON Type" : "String",
"user.attribute" : "username",
"claim.name" : "preferred_username",
"id.token.claim" : "true",
"access.token.claim" : "true"
}
},
{
"protocolMapper" : "oidc-full-name-mapper",
"protocol" : "openid-connect",
"name" : "full name",
"consentText" : "${fullName}",
"consentRequired" : true,
"config" : {
"id.token.claim" : "true",
"access.token.claim" : "true"
}
},
{
"protocolMapper" : "oidc-usermodel-property-mapper",
"protocol" : "openid-connect",
"name" : "given name",
"consentText" : "${givenName}",
"consentRequired" : true,
"config" : {
"Claim JSON Type" : "String",
"user.attribute" : "firstName",
"claim.name" : "given_name",
"id.token.claim" : "true",
"access.token.claim" : "true"
}
},
{
"protocolMapper" : "oidc-usermodel-property-mapper",
"protocol" : "openid-connect",
"name" : "family name",
"consentText" : "${familyName}",
"consentRequired" : true,
"config" : {
"Claim JSON Type" : "String",
"user.attribute" : "lastName",
"claim.name" : "family_name",
"id.token.claim" : "true",
"access.token.claim" : "true"
}
},
{
"protocolMapper" : "oidc-usermodel-property-mapper",
"protocol" : "openid-connect",
"name" : "email",
"consentText" : "${email}",
"consentRequired" : true,
"config" : {
"Claim JSON Type" : "String",
"user.attribute" : "email",
"claim.name" : "email",
"id.token.claim" : "true",
"access.token.claim" : "true"
}
},
{
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"protocol" : "openid-connect",
"name" : "postal code",
"consentText" : "${postal_code}",
"consentRequired" : true,
"config" : {
"Claim JSON Type" : "String",
"user.attribute" : "postal_code",
"claim.name" : "postal_code",
"multivalued": "true",
"id.token.claim" : "true",
"access.token.claim" : "true"
}
},
{
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"protocol" : "openid-connect",
"name" : "street",
"consentText" : "${street}",
"consentRequired" : true,
"config" : {
"Claim JSON Type" : "String",
"user.attribute" : "street",
"claim.name" : "street",
"multivalued": "false",
"id.token.claim" : "true",
"access.token.claim" : "true"
}
},
{
"protocolMapper" : "oidc-usermodel-attribute-mapper",
"protocol" : "openid-connect",
"name" : "picture",
"consentText" : "Picture",
"consentRequired" : true,
"config" : {
"Claim JSON Type" : "String",
"user.attribute" : "picture",
"claim.name" : "profile_picture",
"multivalued": "false",
"id.token.claim" : "true",
"access.token.claim" : "true"
}
}
]
}
],
"userFederationProviders": [
{
"displayName": "ldap-apacheds",
"providerName": "ldap",
"priority": 1,
"fullSyncPeriod": -1,
"changedSyncPeriod": -1,
"config": {
"pagination" : "true",
"debug" : "false",
"searchScope" : "1",
"connectionPooling" : "true",
"usersDn" : "ou=People,dc=keycloak,dc=org",
"userObjectClasses" : "inetOrgPerson, organizationalPerson",
"usernameLDAPAttribute" : "uid",
"bindDn" : "uid=admin,ou=system",
"bindCredential" : "secret",
"rdnLDAPAttribute" : "uid",
"vendor" : "other",
"editMode" : "WRITABLE",
"uuidLDAPAttribute" : "entryUUID",
"connectionUrl" : "ldap://localhost:10389",
"syncRegistrations" : "true",
"authType" : "simple"
}
}
],
"userFederationMappers" : [
{
"name" : "username",
"federationMapperType" : "user-attribute-ldap-mapper",
"federationProviderDisplayName" : "ldap-apacheds",
"config" : {
"ldap.attribute" : "uid",
"user.model.attribute" : "username",
"is.mandatory.in.ldap" : "true",
"read.only" : "false",
"always.read.value.from.ldap" : "false"
}
},
{
"name" : "first name",
"federationMapperType" : "user-attribute-ldap-mapper",
"federationProviderDisplayName" : "ldap-apacheds",
"config" : {
"ldap.attribute" : "cn",
"user.model.attribute" : "firstName",
"is.mandatory.in.ldap" : "true",
"read.only" : "false",
"always.read.value.from.ldap" : "false"
}
},
{
"name" : "last name",
"federationMapperType" : "user-attribute-ldap-mapper",
"federationProviderDisplayName" : "ldap-apacheds",
"config" : {
"ldap.attribute" : "sn",
"user.model.attribute" : "lastName",
"is.mandatory.in.ldap" : "true",
"read.only" : "false",
"always.read.value.from.ldap" : "false"
}
},
{
"name" : "email",
"federationMapperType" : "user-attribute-ldap-mapper",
"federationProviderDisplayName" : "ldap-apacheds",
"config" : {
"ldap.attribute" : "mail",
"user.model.attribute" : "email",
"is.mandatory.in.ldap" : "false",
"read.only" : "false",
"always.read.value.from.ldap" : "false"
}
},
{
"name" : "creation date",
"federationMapperType" : "user-attribute-ldap-mapper",
"federationProviderDisplayName" : "ldap-apacheds",
"config" : {
"ldap.attribute" : "createTimestamp",
"user.model.attribute" : "createTimestamp",
"is.mandatory.in.ldap" : "false",
"read.only" : "true",
"always.read.value.from.ldap" : "false"
}
},
{
"name" : "modify date",
"federationMapperType" : "user-attribute-ldap-mapper",
"federationProviderDisplayName" : "ldap-apacheds",
"config" : {
"ldap.attribute" : "modifyTimestamp",
"user.model.attribute" : "modifyTimestamp",
"is.mandatory.in.ldap" : "false",
"read.only" : "true",
"always.read.value.from.ldap" : "false"
}
},
{
"name" : "postal code",
"federationMapperType" : "user-attribute-ldap-mapper",
"federationProviderDisplayName" : "ldap-apacheds",
"config" : {
"ldap.attribute" : "postalCode",
"user.model.attribute" : "postal_code",
"is.mandatory.in.ldap" : "false",
"read.only" : "false",
"always.read.value.from.ldap" : "false"
}
},
{
"name" : "street",
"federationMapperType" : "user-attribute-ldap-mapper",
"federationProviderDisplayName" : "ldap-apacheds",
"config" : {
"ldap.attribute" : "street",
"user.model.attribute" : "street",
"is.mandatory.in.ldap" : "false",
"read.only" : "false",
"always.read.value.from.ldap" : "false"
}
},
{
"name" : "picture",
"federationMapperType" : "user-attribute-ldap-mapper",
"federationProviderDisplayName" : "ldap-apacheds",
"config" : {
"ldap.attribute" : "jpegPhoto",
"user.model.attribute" : "picture",
"is.mandatory.in.ldap" : "false",
"read.only" : "false",
"always.read.value.from.ldap" : "true",
"is.binary.attribute" : "true"
}
},
{
"name" : "realm roles",
"federationMapperType" : "role-ldap-mapper",
"federationProviderDisplayName" : "ldap-apacheds",
"config" : {
"roles.dn" : "ou=RealmRoles,dc=keycloak,dc=org",
"membership.ldap.attribute" : "member",
"role.name.ldap.attribute" : "cn",
"role.object.classes" : "groupOfNames",
"mode" : "LDAP_ONLY",
"use.realm.roles.mapping" : "true"
}
},
{
"name" : "finance roles",
"federationMapperType" : "role-ldap-mapper",
"federationProviderDisplayName" : "ldap-apacheds",
"config" : {
"roles.dn" : "ou=FinanceRoles,dc=keycloak,dc=org",
"membership.ldap.attribute" : "member",
"role.name.ldap.attribute" : "cn",
"role.object.classes" : "groupOfNames",
"mode" : "LDAP_ONLY",
"use.realm.roles.mapping" : "false",
"client.id" : "finance"
}
}
]
}