378 lines
11 KiB
JSON
378 lines
11 KiB
JSON
{
|
|
"id": "gardenplan-realm",
|
|
"realm": "gardenplan",
|
|
"displayName": "GardenPlan",
|
|
"displayNameHtml": "<div class=\"kc-logo-text\"><span>GardenPlan</span></div>",
|
|
"notBefore": 0,
|
|
"defaultSignatureAlgorithm": "RS256",
|
|
"revokeRefreshToken": false,
|
|
"refreshTokenMaxReuse": 0,
|
|
"accessTokenLifespan": 3600,
|
|
"accessTokenLifespanForImplicitFlow": 900,
|
|
"ssoSessionIdleTimeout": 3600,
|
|
"ssoSessionMaxLifespan": 86400,
|
|
"ssoSessionIdleTimeoutRememberMe": 0,
|
|
"ssoSessionMaxLifespanRememberMe": 0,
|
|
"offlineSessionIdleTimeout": 2592000,
|
|
"offlineSessionMaxLifespanEnabled": false,
|
|
"offlineSessionMaxLifespan": 5184000,
|
|
"clientSessionIdleTimeout": 0,
|
|
"clientSessionMaxLifespan": 0,
|
|
"clientOfflineSessionIdleTimeout": 0,
|
|
"clientOfflineSessionMaxLifespan": 0,
|
|
"accessCodeLifespan": 60,
|
|
"accessCodeLifespanUserAction": 300,
|
|
"accessCodeLifespanLogin": 1800,
|
|
"actionTokenGeneratedByAdminLifespan": 43200,
|
|
"actionTokenGeneratedByUserLifespan": 3600,
|
|
"oauth2DeviceCodeLifespan": 600,
|
|
"oauth2DevicePollingInterval": 5,
|
|
"enabled": true,
|
|
"sslRequired": "external",
|
|
"registrationAllowed": true,
|
|
"registrationEmailAsUsername": false,
|
|
"rememberMe": false,
|
|
"verifyEmail": false,
|
|
"loginWithEmailAllowed": true,
|
|
"duplicateEmailsAllowed": false,
|
|
"resetPasswordAllowed": false,
|
|
"editUsernameAllowed": false,
|
|
"bruteForceProtected": false,
|
|
"permanentLockout": false,
|
|
"maxTemporaryLockouts": 0,
|
|
"maxFailureWaitSeconds": 900,
|
|
"minimumQuickLoginWaitSeconds": 60,
|
|
"waitIncrementSeconds": 60,
|
|
"quickLoginCheckMilliSlots": 144,
|
|
"quickLoginCheckMilliDetails": 200,
|
|
"bruteForceStrategy": "MULTI_USER",
|
|
"resetPasswordTimeout": 0,
|
|
"defaultRole": {
|
|
"id": "gardenplan-default-role",
|
|
"name": "default-roles-gardenplan",
|
|
"description": "${role_default-roles}",
|
|
"type": "DEFAULT",
|
|
"scope": "GLOBAL"
|
|
},
|
|
"requiredCredentials": [
|
|
"password"
|
|
],
|
|
"otpPolicyType": "totp",
|
|
"otpPolicyAlgorithm": "HmacSHA1",
|
|
"otpPolicyInitialCounter": 0,
|
|
"otpPolicyDigits": 6,
|
|
"otpPolicyLookAheadWindow": 1,
|
|
"otpPolicyPeriod": 30,
|
|
"otpSupportedApplications": [
|
|
"FreeOTP",
|
|
"Google Authenticator"
|
|
],
|
|
"localizationTexts": {},
|
|
"webAuthnChallengeUsage": "per-session",
|
|
"identityProviderAliases": {},
|
|
"users": [
|
|
{
|
|
"id": "test-user-001",
|
|
"username": "testuser",
|
|
"enabled": true,
|
|
"emailVerified": true,
|
|
"email": "testuser@gardenplan.local",
|
|
"credentials": [
|
|
{
|
|
"type": "password",
|
|
"value": "testpassword123!",
|
|
"temporary": false
|
|
}
|
|
],
|
|
"roles": {
|
|
"client": {
|
|
"symfony-app": [
|
|
"uma_authorization"
|
|
]
|
|
},
|
|
"realm": [
|
|
"default-roles-gardenplan",
|
|
"offline_access",
|
|
"uma_authorization"
|
|
]
|
|
}
|
|
}
|
|
],
|
|
"clients": [
|
|
{
|
|
"id": "symfony-app-client",
|
|
"clientId": "symfony-app",
|
|
"name": "Symfony GardenPlan API",
|
|
"description": "Backend REST-API Client für GardenPlan",
|
|
"enabled": true,
|
|
"clientAuthenticatorType": "client-secret",
|
|
"secret": "changeme_client_secret",
|
|
"baseUrl": "http://localhost/",
|
|
"redirectUris": [
|
|
"http://localhost/*",
|
|
"http://127.0.0.1/*"
|
|
],
|
|
"webOrigins": [
|
|
"+"
|
|
],
|
|
"grantTypes": [
|
|
"authorization_code",
|
|
"refresh_token",
|
|
"client_credentials",
|
|
"implicit"
|
|
],
|
|
"standardFlowEnabled": true,
|
|
"implicitFlowEnabled": true,
|
|
"directAccessGrantsEnabled": true,
|
|
"serviceAccountsEnabled": true,
|
|
"publicClient": false,
|
|
"frontchannelLogout": true,
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"client.secret.creation.time": "1700000000",
|
|
"oauth2.device.authorization.grant.enabled": "false",
|
|
"backchannel.logout.revoke.offline.tokens": "false",
|
|
"backchannel.logout.session.required": "true",
|
|
"client_credentials.use_refresh_token": "false",
|
|
"login.jansendata": "{}"
|
|
},
|
|
"authenticationFlowBindingOverrides": {},
|
|
"fullScopeAllowed": true,
|
|
"nodeReRegistrationTimeout": -1,
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"roles",
|
|
"profile",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": [
|
|
"address",
|
|
"phone",
|
|
"offline_access",
|
|
"microprofile-jwt"
|
|
]
|
|
},
|
|
{
|
|
"id": "frontend-client",
|
|
"clientId": "gardenplan-frontend",
|
|
"name": "GardenPlan Frontend (React/Vue)",
|
|
"description": "Frontend SPA Client für GardenPlan",
|
|
"enabled": true,
|
|
"publicClient": true,
|
|
"baseUrl": "http://localhost:3000/",
|
|
"redirectUris": [
|
|
"http://localhost:3000/*",
|
|
"http://127.0.0.1:3000/*"
|
|
],
|
|
"webOrigins": [
|
|
"http://localhost:3000",
|
|
"http://127.0.0.1:3000"
|
|
],
|
|
"grantTypes": [
|
|
"authorization_code",
|
|
"implicit"
|
|
],
|
|
"standardFlowEnabled": true,
|
|
"implicitFlowEnabled": false,
|
|
"directAccessGrantsEnabled": false,
|
|
"serviceAccountsEnabled": false,
|
|
"frontchannelLogout": true,
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"oidc.ciba.grant.enabled": "false",
|
|
"oauth2.device.authorization.grant.enabled": "false",
|
|
"backchannel.logout.revoke.offline.tokens": "false",
|
|
"backchannel.logout.session.required": "true"
|
|
},
|
|
"authenticationFlowBindingOverrides": {},
|
|
"fullScopeAllowed": true,
|
|
"defaultClientScopes": [
|
|
"web-origins",
|
|
"roles",
|
|
"profile",
|
|
"email"
|
|
],
|
|
"optionalClientScopes": [
|
|
"address",
|
|
"phone",
|
|
"offline_access",
|
|
"microprofile-jwt"
|
|
]
|
|
}
|
|
],
|
|
"clientScopes": [
|
|
{
|
|
"id": "scope-email",
|
|
"name": "email",
|
|
"description": "OpenID Connect built-in scope: email",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "true",
|
|
"consent.screen.text": "${emailScopeConsentText}",
|
|
"display.on.consent.screen": "true"
|
|
},
|
|
"icons": {},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "mapper-email",
|
|
"name": "email",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-property-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "email",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "email",
|
|
"jsonType.label": "String",
|
|
"multivalued": "false"
|
|
}
|
|
},
|
|
{
|
|
"id": "mapper-email-verified",
|
|
"name": "email verified",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-property-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"userinfo.token.claim": "true",
|
|
"user.attribute": "emailVerified",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "email_verified",
|
|
"jsonType.label": "boolean",
|
|
"multivalued": "false"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "scope-profile",
|
|
"name": "profile",
|
|
"description": "OpenID Connect built-in scope: profile",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "true",
|
|
"consent.screen.text": "${profileScopeConsentText}",
|
|
"display.on.consent.screen": "true"
|
|
},
|
|
"icons": {},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "mapper-profile-name",
|
|
"name": "full name",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-full-name-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"userinfo.token.claim": "true"
|
|
}
|
|
},
|
|
{
|
|
"id": "mapper-username",
|
|
"name": "username",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-attribute-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"user.attribute": "username",
|
|
"id.token.claim": "true",
|
|
"access.token.claim": "true",
|
|
"claim.name": "preferred_username",
|
|
"jsonType.label": "String"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "scope-roles",
|
|
"name": "roles",
|
|
"description": "OpenID Connect scope for role mapping",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "false",
|
|
"display.on.consent.screen": "false"
|
|
},
|
|
"icons": {},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "mapper-client-roles",
|
|
"name": "client roles",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-client-role-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"multivalued": "true",
|
|
"user.attribute": "foo",
|
|
"access.token.claim": "true",
|
|
"claim.name": "resource_access.${client_id}.roles",
|
|
"jsonType.label": "String"
|
|
}
|
|
},
|
|
{
|
|
"id": "mapper-realm-roles",
|
|
"name": "realm roles",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-usermodel-realm-role-mapper",
|
|
"consentRequired": false,
|
|
"config": {
|
|
"multivalued": "true",
|
|
"user.attribute": "foo",
|
|
"access.token.claim": "true",
|
|
"claim.name": "realm_access.roles",
|
|
"jsonType.label": "String"
|
|
}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "scope-web-origins",
|
|
"name": "web-origins",
|
|
"description": "OpenID Connect scope for web origins",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"include.in.token.scope": "false",
|
|
"consent.screen.text": "",
|
|
"display.on.consent.screen": "false"
|
|
},
|
|
"icons": {},
|
|
"protocolMappers": [
|
|
{
|
|
"id": "mapper-web-origins",
|
|
"name": "allowed web origins",
|
|
"protocol": "openid-connect",
|
|
"protocolMapper": "oidc-allowed-origins-mapper",
|
|
"consentRequired": false,
|
|
"config": {}
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"id": "scope-offline-access",
|
|
"name": "offline_access",
|
|
"description": "OpenID Connect built-in scope: offline_access",
|
|
"protocol": "openid-connect",
|
|
"attributes": {
|
|
"consent.screen.text": "${offlineAccessScopeConsentText}",
|
|
"display.on.consent.screen": "true"
|
|
},
|
|
"icons": {}
|
|
}
|
|
],
|
|
"defaultDefaultClientScopes": [
|
|
"role_list",
|
|
"profile",
|
|
"email",
|
|
"roles",
|
|
"web-origins"
|
|
],
|
|
"defaultOptionalClientScopes": [
|
|
"offline_access",
|
|
"address",
|
|
"phone"
|
|
]
|
|
}
|