537 lines
No EOL
19 KiB
JSON
Executable file
537 lines
No EOL
19 KiB
JSON
Executable file
{
|
|
"realm": "test-realm",
|
|
"enabled": true,
|
|
"accessTokenLifespan": 6000,
|
|
"accessTokenLifespanForImplicitFlow": 1500,
|
|
"accessCodeLifespan": 30,
|
|
"accessCodeLifespanUserAction": 600,
|
|
"offlineSessionIdleTimeout": 3600000,
|
|
"requiredCredentials": [ "password" ],
|
|
"defaultRoles": [ "foo", "bar" ],
|
|
"verifyEmail" : "true",
|
|
"smtpServer": {
|
|
"from": "auto@keycloak.org",
|
|
"host": "localhost",
|
|
"port":"3025"
|
|
},
|
|
"identityProviders" : [
|
|
{
|
|
"providerId" : "google",
|
|
"alias" : "google1",
|
|
"enabled": true,
|
|
"config": {
|
|
"clientId": "googleId",
|
|
"clientSecret": "googleSecret"
|
|
}
|
|
},
|
|
{
|
|
"providerId" : "facebook",
|
|
"alias" : "facebook1",
|
|
"enabled": true,
|
|
"config": {
|
|
"clientId": "facebookId",
|
|
"clientSecret": "facebookSecret"
|
|
}
|
|
},
|
|
{
|
|
"providerId" : "twitter",
|
|
"alias" : "twitter1",
|
|
"enabled": true,
|
|
"config": {
|
|
"clientId": "twitterId",
|
|
"clientSecret": "twitterSecret"
|
|
}
|
|
}
|
|
],
|
|
"userFederationProviders": [
|
|
{
|
|
"displayName": "MyLDAPProvider1",
|
|
"providerName": "ldap",
|
|
"priority": 1,
|
|
"config": {
|
|
"connectionUrl": "ldap://foo"
|
|
}
|
|
},
|
|
{
|
|
"displayName": "MyLDAPProvider2",
|
|
"providerName": "ldap",
|
|
"priority": 2,
|
|
"config": {
|
|
"connectionUrl": "ldap://bar"
|
|
}
|
|
}
|
|
],
|
|
"userFederationMappers": [
|
|
{
|
|
"name": "FullNameMapper",
|
|
"federationProviderDisplayName": "MyLDAPProvider1",
|
|
"federationMapperType": "full-name-ldap-mapper",
|
|
"config": {
|
|
"ldap.full.name.attribute": "cn"
|
|
}
|
|
}
|
|
],
|
|
"groups": [
|
|
{
|
|
"name": "Group A",
|
|
"path": "/Group A",
|
|
"attributes": {
|
|
"topAttribute": [
|
|
"true"
|
|
]
|
|
},
|
|
"subGroups": [
|
|
{
|
|
"name": "Group B",
|
|
"path": "/Group A/Group B",
|
|
"attributes": {
|
|
"level2Attribute": [
|
|
"true"
|
|
]
|
|
},
|
|
"subGroups": []
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"name": "Group C",
|
|
"path": "/Group C",
|
|
"attributes": {
|
|
"topAttribute": [
|
|
"true"
|
|
]
|
|
},
|
|
"subGroups": [
|
|
{
|
|
"name": "Group D",
|
|
"path": "/Group C/Group D",
|
|
"attributes": {
|
|
"level2Attribute": [
|
|
"true"
|
|
]
|
|
},
|
|
"subGroups": []
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"users": [
|
|
{
|
|
"username": "wburke",
|
|
"enabled": true,
|
|
"createdTimestamp" : 123654,
|
|
"notBefore": 159,
|
|
"attributes": {
|
|
"email": "bburke@redhat.com"
|
|
},
|
|
"credentials": [
|
|
{
|
|
"type": "password",
|
|
"value": "userpassword"
|
|
}
|
|
],
|
|
"applicationRoles": {
|
|
"Application": [ "app-user" ],
|
|
"OtherApp": [ "otherapp-user" ]
|
|
}
|
|
},
|
|
{
|
|
"username": "loginclient",
|
|
"createdTimestamp" : "123655",
|
|
"enabled": true,
|
|
"credentials": [
|
|
{
|
|
"type": "password",
|
|
"value": "clientpassword"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"username": "admin",
|
|
"enabled": true,
|
|
"attributes": {
|
|
"key1": [
|
|
"val1"
|
|
],
|
|
"key2": [
|
|
"val21",
|
|
"val22"
|
|
]
|
|
},
|
|
"credentials": [
|
|
{
|
|
"type": "password",
|
|
"value": "adminpassword"
|
|
}
|
|
],
|
|
"realmRoles": [ "admin" ],
|
|
"applicationRoles": {
|
|
"Application": [ "app-admin" ],
|
|
"OtherApp": [ "otherapp-admin" ]
|
|
},
|
|
"clientConsents": [
|
|
{
|
|
"clientId": "Application",
|
|
"grantedRealmRoles": [ "admin" ],
|
|
"grantedClientRoles": {
|
|
"Application": [ "app-admin" ]
|
|
}
|
|
},
|
|
{
|
|
"clientId": "OtherApp",
|
|
"grantedRealmRoles": [ "admin" ],
|
|
"grantedProtocolMappers": {
|
|
"openid-connect": [ "gss delegation credential" ]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"username": "mySocialUser",
|
|
"enabled": true,
|
|
"federatedIdentities": [
|
|
{
|
|
"identityProvider": "facebook1",
|
|
"userId": "facebook1",
|
|
"userName": "fbuser1"
|
|
},
|
|
{
|
|
"identityProvider": "twitter1",
|
|
"userId": "twitter1",
|
|
"userName": "twuser1"
|
|
},
|
|
{
|
|
"identityProvider": "google1",
|
|
"userId": "google1",
|
|
"userName": "mySocialUser@gmail.com"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"username": "my-service-user",
|
|
"enabled": true,
|
|
"serviceAccountClientId": "OtherApp"
|
|
}
|
|
],
|
|
"clients": [
|
|
{
|
|
"clientId": "Application",
|
|
"name": "Applicationn",
|
|
"enabled": true,
|
|
"implicitFlowEnabled": true,
|
|
"directAccessGrantsEnabled": true,
|
|
"nodeReRegistrationTimeout": 50,
|
|
"registeredNodes": {
|
|
"node1": 10,
|
|
"172.10.15.20": 20
|
|
}
|
|
},
|
|
{
|
|
"clientId": "OtherApp",
|
|
"name": "Other Application",
|
|
"enabled": true,
|
|
"standardFlowEnabled": false,
|
|
"directAccessGrantsEnabled": false,
|
|
"serviceAccountsEnabled": true,
|
|
"clientAuthenticatorType": "client-jwt",
|
|
"protocolMappers" : [
|
|
{
|
|
"name" : "gss delegation credential",
|
|
"protocol" : "openid-connect",
|
|
"protocolMapper" : "oidc-usersessionmodel-note-mapper",
|
|
"consentRequired" : true,
|
|
"consentText" : "gss delegation credential",
|
|
"config" : {
|
|
"user.session.note" : "gss_delegation_credential",
|
|
"access.token.claim" : "true",
|
|
"claim.name" : "gss_delegation_credential",
|
|
"Claim JSON Type" : "String"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"clientId": "test-app-authz",
|
|
"enabled": true,
|
|
"baseUrl": "/test-app-authz",
|
|
"adminUrl": "/test-app-authz",
|
|
"bearerOnly": false,
|
|
"authorizationSettings": {
|
|
"allowRemoteResourceManagement": true,
|
|
"policyEnforcementMode": "ENFORCING",
|
|
"resources": [
|
|
{
|
|
"name": "Admin Resource",
|
|
"uri": "/protected/admin/*",
|
|
"type": "http://test-app-authz/protected/admin",
|
|
"icon_uri" : "http://icons.com/icon-admin",
|
|
"scopes": [
|
|
{
|
|
"name": "admin-access"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"name": "Protected Resource",
|
|
"uri": "/*",
|
|
"type": "http://test-app-authz/protected/resource",
|
|
"icon_uri" : "http://icons.com/icon-resource",
|
|
"scopes": [
|
|
{
|
|
"name": "resource-access"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"name": "Premium Resource",
|
|
"uri": "/protected/premium/*",
|
|
"type": "urn:test-app-authz:protected:resource",
|
|
"icon_uri" : "http://icons.com/icon-premium",
|
|
"scopes": [
|
|
{
|
|
"name": "premium-access"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"name": "Main Page",
|
|
"type": "urn:test-app-authz:protected:resource",
|
|
"icon_uri" : "http://icons.com/icon-main-page",
|
|
"scopes": [
|
|
{
|
|
"name": "urn:test-app-authz:page:main:actionForAdmin"
|
|
},
|
|
{
|
|
"name": "urn:test-app-authz:page:main:actionForUser"
|
|
},
|
|
{
|
|
"name": "urn:test-app-authz:page:main:actionForPremiumUser"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"policies": [
|
|
{
|
|
"name": "Any Admin Policy",
|
|
"description": "Defines that adminsitrators can do something",
|
|
"type": "role",
|
|
"config": {
|
|
"roles": "[{\"id\":\"admin\"}]"
|
|
}
|
|
},
|
|
{
|
|
"name": "Any User Policy",
|
|
"description": "Defines that any user can do something",
|
|
"type": "role",
|
|
"config": {
|
|
"roles": "[{\"id\":\"user\"}]"
|
|
}
|
|
},
|
|
{
|
|
"name": "Client and Realm Role Policy",
|
|
"type": "role",
|
|
"config": {
|
|
"roles": "[{\"id\":\"realm-management/impersonation\",\"required\":false},{\"id\":\"realm-management/manage-authorization\",\"required\":true},{\"id\":\"user\",\"required\":false}]"
|
|
}
|
|
},
|
|
{
|
|
"name": "Client Test Policy",
|
|
"type": "client",
|
|
"logic": "POSITIVE",
|
|
"decisionStrategy": "UNANIMOUS",
|
|
"config": {
|
|
"clients": "[\"broker\",\"admin-cli\"]"
|
|
}
|
|
},
|
|
{
|
|
"name": "Group Policy Test",
|
|
"type": "group",
|
|
"config": {
|
|
"groupsClaim": "groups",
|
|
"groups": "[{\"path\":\"/Group A\",\"extendChildren\":true},{\"path\":\"/Group A/Group B\",\"extendChildren\":false},{\"path\":\"/Group C/Group D\",\"extendChildren\":true}]"
|
|
}
|
|
},
|
|
{
|
|
"name": "Only Premium User Policy",
|
|
"description": "Defines that only premium users can do something",
|
|
"type": "role",
|
|
"logic": "POSITIVE",
|
|
"config": {
|
|
"roles": "[{\"id\":\"customer-user-premium\"}]"
|
|
}
|
|
},
|
|
{
|
|
"name": "wburke policy",
|
|
"description": "Defines that only wburke can do something",
|
|
"type": "user",
|
|
"logic": "POSITIVE",
|
|
"config": {
|
|
"users" : "[\"wburke\"]"
|
|
}
|
|
},
|
|
{
|
|
"name": "All Users Policy",
|
|
"description": "Defines that all users can do something",
|
|
"type": "aggregate",
|
|
"decisionStrategy": "AFFIRMATIVE",
|
|
"config": {
|
|
"applyPolicies": "[\"Any User Policy\",\"Any Admin Policy\",\"Only Premium User Policy\"]"
|
|
}
|
|
},
|
|
{
|
|
"name": "Premium Resource Permission",
|
|
"description": "A policy that defines access to premium resources",
|
|
"type": "resource",
|
|
"decisionStrategy": "UNANIMOUS",
|
|
"config": {
|
|
"resources": "[\"Premium Resource\"]",
|
|
"applyPolicies": "[\"Only Premium User Policy\"]"
|
|
}
|
|
},
|
|
{
|
|
"name": "Administrative Resource Permission",
|
|
"description": "A policy that defines access to administrative resources",
|
|
"type": "resource",
|
|
"decisionStrategy": "UNANIMOUS",
|
|
"config": {
|
|
"resources": "[\"Admin Resource\"]",
|
|
"applyPolicies": "[\"Any Admin Policy\"]"
|
|
}
|
|
},
|
|
{
|
|
"name": "Protected Resource Permission",
|
|
"description": "A policy that defines access to any protected resource",
|
|
"type": "resource",
|
|
"decisionStrategy": "AFFIRMATIVE",
|
|
"config": {
|
|
"resources": "[\"Protected Resource\"]",
|
|
"applyPolicies": "[\"All Users Policy\"]"
|
|
}
|
|
},
|
|
{
|
|
"name": "Action 1 on Main Page Resource Permission",
|
|
"description": "A policy that defines access to action 1 on the main page",
|
|
"type": "scope",
|
|
"decisionStrategy": "AFFIRMATIVE",
|
|
"config": {
|
|
"scopes": "[\"urn:test-app-authz:page:main:actionForAdmin\"]",
|
|
"applyPolicies": "[\"Any Admin Policy\"]"
|
|
}
|
|
},
|
|
{
|
|
"name": "Action 2 on Main Page Resource Permission",
|
|
"description": "A policy that defines access to action 2 on the main page",
|
|
"type": "scope",
|
|
"decisionStrategy": "AFFIRMATIVE",
|
|
"config": {
|
|
"scopes": "[\"urn:test-app-authz:page:main:actionForUser\"]",
|
|
"applyPolicies": "[\"Any User Policy\"]"
|
|
}
|
|
},
|
|
{
|
|
"name": "Action 3 on Main Page Resource Permission",
|
|
"description": "A policy that defines access to action 3 on the main page",
|
|
"type": "scope",
|
|
"decisionStrategy": "AFFIRMATIVE",
|
|
"config": {
|
|
"scopes": "[\"urn:test-app-authz:page:main:actionForPremiumUser\"]",
|
|
"applyPolicies": "[\"Only Premium User Policy\"]"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"redirectUris": [
|
|
"/test-app-authz/*"
|
|
],
|
|
"secret": "secret"
|
|
}
|
|
],
|
|
"oauthClients" : [
|
|
{
|
|
"name" : "oauthclient",
|
|
"enabled": true,
|
|
"secret": "clientpassword"
|
|
}
|
|
],
|
|
"clientTemplates" : [
|
|
{
|
|
"name" : "foo-template",
|
|
"description" : "foo-template-desc",
|
|
"protocol" : "openid-connect",
|
|
"protocolMappers" : [
|
|
{
|
|
"name" : "gss delegation credential",
|
|
"protocol" : "openid-connect",
|
|
"protocolMapper" : "oidc-usersessionmodel-note-mapper",
|
|
"consentRequired" : true,
|
|
"consentText" : "gss delegation credential",
|
|
"config" : {
|
|
"user.session.note" : "gss_delegation_credential",
|
|
"access.token.claim" : "true",
|
|
"claim.name" : "gss_delegation_credential",
|
|
"Claim JSON Type" : "String"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"roles" : {
|
|
"realm" : [
|
|
{
|
|
"name": "admin"
|
|
},
|
|
{
|
|
"name": "user"
|
|
},
|
|
{
|
|
"name": "customer-user-premium",
|
|
"description": "Have User Premium privileges"
|
|
}
|
|
],
|
|
"application" : {
|
|
"Application" : [
|
|
{
|
|
"name": "app-admin",
|
|
"scopeParamRequired": true
|
|
},
|
|
{
|
|
"name": "app-user"
|
|
}
|
|
],
|
|
"OtherApp" : [
|
|
{
|
|
"name": "otherapp-admin",
|
|
"scopeParamRequired": false
|
|
},
|
|
{
|
|
"name": "otherapp-user"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"scopeMappings": [
|
|
{
|
|
"client": "oauthclient",
|
|
"roles": ["admin"]
|
|
},
|
|
{
|
|
"clientTemplate": "foo-template",
|
|
"roles": ["admin"]
|
|
}
|
|
],
|
|
"applicationScopeMappings": {
|
|
"Application": [
|
|
{
|
|
"client": "oauthclient",
|
|
"roles": ["app-user"]
|
|
},
|
|
{
|
|
"clientTemplate": "foo-template",
|
|
"roles": ["app-user", "app-admin" ]
|
|
}
|
|
]
|
|
|
|
}
|
|
|
|
|
|
} |