jens/4plants
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Infra

Browse Source
This commit is contained in:
Jens Beckmann
2026-06-14 18:00:43 +02:00
parent 4be49200f0
commit cd0d554fef
37 changed files with 7727 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Infra/keycloak/realm-export.json
+377
View File
@@ -0,0 +1,377 @@
{
"id": "gardenplan-realm",
"realm": "gardenplan",
"displayName": "GardenPlan",
"displayNameHtml": "<div class=\"kc-logo-text\"><span>GardenPlan</span></div>",
"notBefore": 0,
"defaultSignatureAlgorithm": "RS256",
"revokeRefreshToken": false,
"refreshTokenMaxReuse": 0,
"accessTokenLifespan": 3600,
"accessTokenLifespanForImplicitFlow": 900,
"ssoSessionIdleTimeout": 3600,
"ssoSessionMaxLifespan": 86400,
"ssoSessionIdleTimeoutRememberMe": 0,
"ssoSessionMaxLifespanRememberMe": 0,
"offlineSessionIdleTimeout": 2592000,
"offlineSessionMaxLifespanEnabled": false,
"offlineSessionMaxLifespan": 5184000,
"clientSessionIdleTimeout": 0,
"clientSessionMaxLifespan": 0,
"clientOfflineSessionIdleTimeout": 0,
"clientOfflineSessionMaxLifespan": 0,
"accessCodeLifespan": 60,
"accessCodeLifespanUserAction": 300,
"accessCodeLifespanLogin": 1800,
"actionTokenGeneratedByAdminLifespan": 43200,
"actionTokenGeneratedByUserLifespan": 3600,
"oauth2DeviceCodeLifespan": 600,
"oauth2DevicePollingInterval": 5,
"enabled": true,
"sslRequired": "external",
"registrationAllowed": true,
"registrationEmailAsUsername": false,
"rememberMe": false,
"verifyEmail": false,
"loginWithEmailAllowed": true,
"duplicateEmailsAllowed": false,
"resetPasswordAllowed": false,
"editUsernameAllowed": false,
"bruteForceProtected": false,
"permanentLockout": false,
"maxTemporaryLockouts": 0,
"maxFailureWaitSeconds": 900,
"minimumQuickLoginWaitSeconds": 60,
"waitIncrementSeconds": 60,
"quickLoginCheckMilliSlots": 144,
"quickLoginCheckMilliDetails": 200,
"bruteForceStrategy": "MULTI_USER",
"resetPasswordTimeout": 0,
"defaultRole": {
"id": "gardenplan-default-role",
"name": "default-roles-gardenplan",
"description": "${role_default-roles}",
"type": "DEFAULT",
"scope": "GLOBAL"
},
"requiredCredentials": [
"password"
],
"otpPolicyType": "totp",
"otpPolicyAlgorithm": "HmacSHA1",
"otpPolicyInitialCounter": 0,
"otpPolicyDigits": 6,
"otpPolicyLookAheadWindow": 1,
"otpPolicyPeriod": 30,
"otpSupportedApplications": [
"FreeOTP",
"Google Authenticator"
],
"localizationTexts": {},
"webAuthnChallengeUsage": "per-session",
"identityProviderAliases": {},
"users": [
{
"id": "test-user-001",
"username": "testuser",
"enabled": true,
"emailVerified": true,
"email": "testuser@gardenplan.local",
"credentials": [
{
"type": "password",
"value": "testpassword123!",
"temporary": false
}
],
"roles": {
"client": {
"symfony-app": [
"uma_authorization"
]
},
"realm": [
"default-roles-gardenplan",
"offline_access",
"uma_authorization"
]
}
}
],
"clients": [
{
"id": "symfony-app-client",
"clientId": "symfony-app",
"name": "Symfony GardenPlan API",
"description": "Backend REST-API Client für GardenPlan",
"enabled": true,
"clientAuthenticatorType": "client-secret",
"secret": "changeme_client_secret",
"baseUrl": "http://localhost/",
"redirectUris": [
"http://localhost/*",
"http://127.0.0.1/*"
],
"webOrigins": [
"+"
],
"grantTypes": [
"authorization_code",
"refresh_token",
"client_credentials",
"implicit"
],
"standardFlowEnabled": true,
"implicitFlowEnabled": true,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": true,
"publicClient": false,
"frontchannelLogout": true,
"protocol": "openid-connect",
"attributes": {
"client.secret.creation.time": "1700000000",
"oauth2.device.authorization.grant.enabled": "false",
"backchannel.logout.revoke.offline.tokens": "false",
"backchannel.logout.session.required": "true",
"client_credentials.use_refresh_token": "false",
"login.jansendata": "{}"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"defaultClientScopes": [
"web-origins",
"roles",
"profile",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
]
},
{
"id": "frontend-client",
"clientId": "gardenplan-frontend",
"name": "GardenPlan Frontend (React/Vue)",
"description": "Frontend SPA Client für GardenPlan",
"enabled": true,
"publicClient": true,
"baseUrl": "http://localhost:3000/",
"redirectUris": [
"http://localhost:3000/*",
"http://127.0.0.1:3000/*"
],
"webOrigins": [
"http://localhost:3000",
"http://127.0.0.1:3000"
],
"grantTypes": [
"authorization_code",
"implicit"
],
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"frontchannelLogout": true,
"protocol": "openid-connect",
"attributes": {
"oidc.ciba.grant.enabled": "false",
"oauth2.device.authorization.grant.enabled": "false",
"backchannel.logout.revoke.offline.tokens": "false",
"backchannel.logout.session.required": "true"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"defaultClientScopes": [
"web-origins",
"roles",
"profile",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
]
}
],
"clientScopes": [
{
"id": "scope-email",
"name": "email",
"description": "OpenID Connect built-in scope: email",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"consent.screen.text": "${emailScopeConsentText}",
"display.on.consent.screen": "true"
},
"icons": {},
"protocolMappers": [
{
"id": "mapper-email",
"name": "email",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "email",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "email",
"jsonType.label": "String",
"multivalued": "false"
}
},
{
"id": "mapper-email-verified",
"name": "email verified",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-property-mapper",
"consentRequired": false,
"config": {
"userinfo.token.claim": "true",
"user.attribute": "emailVerified",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "email_verified",
"jsonType.label": "boolean",
"multivalued": "false"
}
}
]
},
{
"id": "scope-profile",
"name": "profile",
"description": "OpenID Connect built-in scope: profile",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "true",
"consent.screen.text": "${profileScopeConsentText}",
"display.on.consent.screen": "true"
},
"icons": {},
"protocolMappers": [
{
"id": "mapper-profile-name",
"name": "full name",
"protocol": "openid-connect",
"protocolMapper": "oidc-full-name-mapper",
"consentRequired": false,
"config": {
"id.token.claim": "true",
"access.token.claim": "true",
"userinfo.token.claim": "true"
}
},
{
"id": "mapper-username",
"name": "username",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper",
"consentRequired": false,
"config": {
"user.attribute": "username",
"id.token.claim": "true",
"access.token.claim": "true",
"claim.name": "preferred_username",
"jsonType.label": "String"
}
}
]
},
{
"id": "scope-roles",
"name": "roles",
"description": "OpenID Connect scope for role mapping",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "false",
"display.on.consent.screen": "false"
},
"icons": {},
"protocolMappers": [
{
"id": "mapper-client-roles",
"name": "client roles",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-client-role-mapper",
"consentRequired": false,
"config": {
"multivalued": "true",
"user.attribute": "foo",
"access.token.claim": "true",
"claim.name": "resource_access.${client_id}.roles",
"jsonType.label": "String"
}
},
{
"id": "mapper-realm-roles",
"name": "realm roles",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-realm-role-mapper",
"consentRequired": false,
"config": {
"multivalued": "true",
"user.attribute": "foo",
"access.token.claim": "true",
"claim.name": "realm_access.roles",
"jsonType.label": "String"
}
}
]
},
{
"id": "scope-web-origins",
"name": "web-origins",
"description": "OpenID Connect scope for web origins",
"protocol": "openid-connect",
"attributes": {
"include.in.token.scope": "false",
"consent.screen.text": "",
"display.on.consent.screen": "false"
},
"icons": {},
"protocolMappers": [
{
"id": "mapper-web-origins",
"name": "allowed web origins",
"protocol": "openid-connect",
"protocolMapper": "oidc-allowed-origins-mapper",
"consentRequired": false,
"config": {}
}
]
},
{
"id": "scope-offline-access",
"name": "offline_access",
"description": "OpenID Connect built-in scope: offline_access",
"protocol": "openid-connect",
"attributes": {
"consent.screen.text": "${offlineAccessScopeConsentText}",
"display.on.consent.screen": "true"
},
"icons": {}
}
],
"defaultDefaultClientScopes": [
"role_list",
"profile",
"email",
"roles",
"web-origins"
],
"defaultOptionalClientScopes": [
"offline_access",
"address",
"phone"
]
}