From a45c40f329dc83ede195bfeafc6af72408063054 Mon Sep 17 00:00:00 2001
From: Marco Lettere
Date: Wed, 18 Nov 2020 19:01:40 +0100
Subject: [PATCH] initial share
---
 defaults/main.yaml | 17 ++
 tasks/main.yaml | 17 ++
 templates/create-user-add-to-vre.json.j2 | 167 +++++++++++
 templates/delete-user-account.json.j2 | 181 ++++++++++++
 templates/group_created.json.j2 | 343 ++++++++++++++++++++++
 templates/group_deleted.json.j2 | 100 +++++++
 templates/invitation-accepted.json.j2 | 68 +++++
 templates/user-group-role_created.json.j2 | 138 +++++++++
 templates/user-group-role_deleted.json.j2 | 124 ++++++++
 templates/user-group_created.json.j2 | 137 +++++++++
 templates/user-group_deleted.json.j2 | 149 ++++++++++
 11 files changed, 1441 insertions(+)
 create mode 100644 defaults/main.yaml
 create mode 100644 tasks/main.yaml
 create mode 100644 templates/create-user-add-to-vre.json.j2
 create mode 100644 templates/delete-user-account.json.j2
 create mode 100644 templates/group_created.json.j2
 create mode 100644 templates/group_deleted.json.j2
 create mode 100644 templates/invitation-accepted.json.j2
 create mode 100644 templates/user-group-role_created.json.j2
 create mode 100644 templates/user-group-role_deleted.json.j2
 create mode 100644 templates/user-group_created.json.j2
 create mode 100644 templates/user-group_deleted.json.j2
diff --git a/defaults/main.yaml b/defaults/main.yaml
new file mode 100644
index 0000000..268ea49
--- /dev/null
+++ b/defaults/main.yaml
@@ -0,0 +1,17 @@
+---
+workflows:
+ - create-user-add-to-vre
+ - group_deleted
+ - user-group_created
+ - user-group-role_created
+ - group_created
+ - invitation-accepted
+ - user-group_deleted
+ - user-group-role_deleted
+ - delete-user-account
+keycloak_host: "https://accounts.dev.d4science.org/auth"
+keycloak: "{{ keycloak_host }}/realms"
+keycloak_admin: "{{ keycloak_host }}/admin/realms"
+keycloak_auth: "c93501bd-abeb-4228-bc28-afac38877338"
+liferay: "https://next.d4science.org/api/jsonws"
+liferay_auth: "bm90aWZpY2F0aW9uc0BkNHNjaWVuY2Uub3JnOmdjdWJlcmFuZG9tMzIx"
diff --git a/tasks/main.yaml b/tasks/main.yaml
new file mode 100644
index 0000000..e08cb92
--- /dev/null
+++ b/tasks/main.yaml
@@ -0,0 +1,17 @@
+---
+- name: Generate workflows
+ template:
+ src: "templates/{{ item }}.json.j2"
+ dest: "{{ target_path }}/{{ item }}.json"
+ loop: "{{ workflows }}"
+
+- name: Upload workflows
+ uri:
+ url: "{{ conductor_workflowdef_endpoint }}"
+ method: POST
+ src: "{{ target_path }}/{{ item }}.json"
+ body_format: json
+ follow_redirects: yes
+ status_code: [200, 204, 409]
+ loop:
+ "{{ workflows }}"
diff --git a/templates/create-user-add-to-vre.json.j2 b/templates/create-user-add-to-vre.json.j2
new file mode 100644
index 0000000..58542e7
--- /dev/null
+++ b/templates/create-user-add-to-vre.json.j2
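Review bot: `keycloak_auth` and `liferay_auth` at the end of the defaults/main.yaml hunk are real-looking credentials committed in clear text as role defaults: the first is rendered as the `orchestrator` client secret, and the second is sent verbatim after `Basic ` by the templates, so it is only base64-encoded, not protected. Anyone with read access to the repository or its history can recover both. I would keep only references here, for example `keycloak_auth: "{{ vault_keycloak_auth }}"` and `liferay_auth: "{{ vault_liferay_auth }}"` (variable names are a suggestion), store the values in an Ansible Vault file or inject them at run time, and rotate both since they are now part of the commit history.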
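Review bot: The `Generate workflows` task in tasks/main.yaml writes the rendered templates, which embed `keycloak_auth` and `liferay_auth`, to `{{ target_path }}` without a `mode`, so the files take whatever the umask gives them and may be readable by other local users; add `mode: "0600"` to the `template` task and `no_log: true` to both tasks so the rendered secrets stay out of diff and verbose output. Accepting `409` in `status_code` presumably means an already-registered workflow is left at its old definition, so a later template fix would silently not be deployed; a comment saying that this is intended, or an update path, would help. `target_path` and `conductor_workflowdef_endpoint` are not defined in the defaults added by this patch and should be documented as required variables.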
@@ -0,0 +1,167 @@
+{
+ "ownerApp" : "Orchestrator",
+ "name" : "create-user-add-to-vre",
+ "createBy" : "Marco Lettere",
+ "description": "Batch create a user with a membership in a specific group",
+ "version" : 1,
+ "ownerEmail" : "m.lettere@gmail.com",
+ "inputParameters" : ["user", "first-name", "last-name", "email", "password", "group"],
+ "tasks" : [
+ {
+ "name": "LAMBDA_TASK",
+ "taskReferenceName": "init",
+ "type": "LAMBDA",
+ "inputParameters": {
+ "keycloak": "{{ keycloak }}",
+ "keycloak_admin" : "{{ keycloak_admin }}",
+ "group" : "${workflow.input.group}",
+ "scriptExpression": "var path = $.group.split('%2F').slice(1); return { 'tree' : Java.to(path, 'java.lang.Object[]'), 'name' : path.slice(path.length-1)[0]}"
+ }
+ },
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "authorize",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak}/protocol/openid-connect/token",
+ "method" : "POST",
+ "headers" : {
+ "Accept" : "application/json"
+ },
+ "body" : {
+ "client_id" : "orchestrator",
+ "client_secret" : "{{ keycloak_auth }}",
+ "grant_type" : "client_credentials"
+ }
+ }
+ },
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "create_user",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/users",
+ "expect" : 201,
+ "method" : "POST",
+ "body" : {
+ "username": "${workflow.input.user}",
+ "firstName": "${workflow.input.first-name}",
+ "lastName": "${workflow.input.last-name}",
+ "email": "${workflow.input.email}",
+ "credentials": [
+ {
+ "temporary": true,
+ "type": "password",
+ "value": "${workflow.input.password}"
+ }
+ ],
+ "requiredActions": ["UPDATE_PASSWORD"],
+ "emailVerified": true,
+ "enabled": true
+ },
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}",
+ "Content-Type" : "application/json"
+ }
+ }
+ },
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "lookup_user",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/users?username=${workflow.input.user}",
+ "method" : "GET",
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}",
+ "Accept" : "application/json"
+ }
+ }
+ },
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "lookup_client",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/clients",
+ "params" : { "clientId" : "${workflow.input.group}"},
+ "method" : "GET",
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}",
+ "Accept" : "application/json"
+ }
+ }
+ },
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "get_client_roles",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/clients/${lookup_client.output.body[0].id}/roles",
+ "expect" : [200, 404],
+ "method" : "GET",
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}",
+ "Accept" : "application/json"
+ }
+ }
+ },
+ {
+ "name" : "check_role_existance",
+ "taskReferenceName" : "check_role_existance",
+ "type" : "DECISION",
+ "inputParameters" :{
+ "previous_outcome" : "${get_client_roles.output.status}"
+ },
+ "caseValueParam" : "previous_outcome",
+ "decisionCases" : {
+ "200" : [
+ {
+ "name": "LAMBDA_TASK",
+ "taskReferenceName": "select_role",
+ "type": "LAMBDA",
+ "inputParameters": {
+ "role": "${workflow.input.role}",
+ "roles" : "${get_client_roles.output.body}",
+ "scriptExpression": "for(var i=0; i < $.roles.length;i++){if($.roles[i]['name'] == 'Member') return Java.to([$.roles[i]], 'java.lang.Object[]')}"
+ }
+ },
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "look_up_groups",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/groups?search=${init.output.result.name}",
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}",
+ "Accept" : "application/json"
+ }
+ }
+ },
+ {
+ "name": "LAMBDA_TASK",
+ "taskReferenceName": "extract_group",
+ "type": "LAMBDA",
+ "inputParameters": {
+ "tree" : "${init.output.result.tree}",
+ "groups" : "${look_up_groups.output.body}",
+ "scriptExpression": "function selectByPath(groups, path, level) { for (var i=0; i < groups.length; i++) {if (groups[i].name === path[level]) {if (level === path.length - 1) return groups[i];return selectByPath(groups[i].subGroups, path, level+1)}} return null; } return { 'group' : selectByPath($.groups, $.tree, 0)}"
+ }
+ },
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "assign_user_to_group",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/users/${lookup_user.output.body[0].id}/groups/${extract_group.output.result.group.id}",
+ "method" : "PUT",
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}"
+ }
+ }
+ }
+ ]
+ }
+ }
+ ]
+}
diff --git a/templates/delete-user-account.json.j2 b/templates/delete-user-account.json.j2
new file mode 100644
index 0000000..8d1481a
--- /dev/null
+++ b/templates/delete-user-account.json.j2
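Review bot: In create-user-add-to-vre.json.j2, `lookup_user` places `${workflow.input.user}` unencoded into the query string (`/users?username=${workflow.input.user}`), and `assign_user_to_group` then trusts `lookup_user.output.body[0].id`. Keycloak's username filter is, as far as I know, a substring match unless `exact=true` is passed (support depends on the Keycloak version), so `body[0]` can be a different account whose name merely contains the input, and that account would be the one added to the group. Pass the value through `params`, as `lookup_client` already does, e.g. `"params" : { "username" : "${workflow.input.user}", "exact" : true }`, or take the id from the `create_user` response's location header the way group_created.json.j2 uses `create_client.output.headers.location`. The same `lookup_user` pattern appears in group_created.json.j2. Separately, `select_role` reads `${workflow.input.role}`, which is not listed in `inputParameters`, and its result is not referenced by any later task.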
@@ -0,0 +1,181 @@
+{
+ "ownerApp" : "Orchestrator",
+ "name" : "delete-user-account",
+ "createBy" : "Marco Lettere",
+ "description": "Handle Admin events from Keycloak",
+ "version" : 1,
+ "ownerEmail" : "m.lettere@gmail.com",
+ "inputParameters" : [ "userid" ],
+ "tasks" : [
+ {
+ "name": "LAMBDA_TASK",
+ "taskReferenceName": "init",
+ "type": "LAMBDA",
+ "inputParameters": {
+ "keycloak": "{{ keycloak }}/${workflow.input.realm}",
+ "keycloak_admin" : "{{ keycloak_admin }}/${workflow.input.realm}",
+ "liferay": "{{ liferay }}",
+ "liferay_auth": "{{ liferay_auth }}",
+ "keycloak_userid" : "${workflow.input.userid}",
+ "scriptExpression": "1 == 1"
+ }
+ },
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "authorize",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak}/protocol/openid-connect/token",
+ "method" : "POST",
+ "headers" : {
+ "Accept" : "application/json"
+ },
+ "body" : {
+ "client_id" : "orchestrator",
+ "client_secret" : "{{ keycloak_auth }}",
+ "grant_type" : "client_credentials"
+ }
+ }
+ },
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "lookup_user",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/users/${init.input.keycloak_userid}",
+ "method" : "GET",
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}",
+ "Accept" : "application/json"
+ }
+ }
+ },
+ {
+ "name" : "fork_join",
+ "taskReferenceName" : "global_delete_user",
+ "type" : "FORK_JOIN",
+ "forkTasks" : [
+ [
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "lookup_lr_company",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.liferay}/company/get-company-by-web-id",
+ "method" : "GET",
+ "params" : { "webId" : "liferay.com"},
+ "headers" : {
+ "Authorization" : "Basic ${init.input.liferay_auth}",
+ "Accept" : "application/json"
+ }
+ }
+ },
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "lookup_lr_user_by_screenname",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.liferay}/user/get-user-by-screen-name",
+ "method" : "GET",
+ "params" : {
+ "companyId" : "${lookup_lr_company.output.body.companyId}",
+ "screenName" : "${lookup_user.output.body.username}"
+ },
+ "headers" : {
+ "Authorization" : "Basic ${init.input.liferay_auth}",
+ "Accept" : "application/json"
+ }
+ }
+ },
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "lookup_lr_user_groups",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.liferay}/group/get-user-sites-groups",
+ "method" : "GET",
+ "params" : {
+ "classNames" : "[\"com.liferay.portal.model.Group\"]",
+ "userId" : "${lookup_lr_user_by_screenname.output.body.userId}",
+ "max" : "-1"
+ },
+ "headers" : {
+ "Authorization" : "Basic ${init.input.liferay_auth}",
+ "Accept" : "application/json"
+ }
+ }
+ },
+ {
+ "name": "LAMBDA_TASK",
+ "taskReferenceName": "build_delete_group_tasks",
+ "type": "LAMBDA",
+ "inputParameters": {
+ "groups" : "${lookup_lr_user_groups.output.body.*.groupId}",
+ "userId" : "${lookup_lr_user_by_screenname.output.body.userId}",
+ "scriptExpression": "inputs = {}; tasks = []; for(var i=0;i<$.groups.length;i++){tasks.push({'name': 'pyrest','type' : 'SIMPLE','taskReferenceName' : 'del-' + i});inputs['del-'+i] = {'url' : '${init.input.liferay}/user/unset-group-users?userIds=' + $.userId + '&groupId=' + $.groups[i],'method' : 'POST','headers' : {'Authorization' : 'Basic ' + '${init.input.liferay_auth}', 'Accept' : 'application/json'}}}; return { 'tasks' : Java.to(tasks, 'java.util.Map[]'), 'inputs' : inputs};"
+ }
+ },
+ {
+ "name" : "fork_dynamic",
+ "type" : "FORK_JOIN_DYNAMIC",
+ "taskReferenceName" : "parallel_delete_group",
+ "inputParameters" : {
+ "tasks" : "${build_delete_group_tasks.output.result.tasks}",
+ "inputs" : "${build_delete_group_tasks.output.result.inputs}"
+ },
+ "dynamicForkTasksParam": "tasks",
+ "dynamicForkTasksInputParamName": "inputs"
+ },
+ {
+ "name" : "join",
+ "type" : "JOIN",
+ "taskReferenceName" : "join_parallel_group_deletion"
+ },
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "delete_lr_user",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.liferay}/user/delete-user",
+ "method" : "POST",
+ "params" : {
+ "userId" : "${lookup_lr_user_by_screenname.output.body.userId}"
+ },
+ "headers" : {
+ "Authorization" : "Basic ${init.input.liferay_auth}",
+ "Accept" : "application/json"
+ }
+ }
+ },
+ {
+ "name": "LAMBDA_TASK",
+ "taskReferenceName": "lr_final_task",
+ "type": "LAMBDA",
+ "inputParameters" : {
+ "scriptExpression" : "1 == 1"
+ }
+ }
+ ]
+ ]
+ },
+ {
+ "name" : "join",
+ "type" : "JOIN",
+ "taskReferenceName" : "global_delete_user_join",
+ "joinOn": [ "lr_final_task"]
+ },
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "delete_keycloak_user",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/users/${init.input.keycloak_userid}",
+ "method" : "DELETE",
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}",
+ "Accept" : "application/json"
+ }
+ }
+ }
+ ]
+}
diff --git a/templates/group_created.json.j2 b/templates/group_created.json.j2
new file mode 100644
index 0000000..e7cd250
--- /dev/null
+++ b/templates/group_created.json.j2
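Review bot: In delete-user-account.json.j2, `init` builds both Keycloak base URLs from `${workflow.input.realm}`, but `inputParameters` declares only `userid`, so an undeclared event field decides which realm's token endpoint and admin API receive the final `DELETE`. Declare it, `"inputParameters" : [ "userid", "realm" ]`, and if the workflow is meant for a single realm, render the realm from an Ansible variable instead of taking it from the event. The Liferay Basic credential is also copied into `init`'s inputs and, by `build_delete_group_tasks`, into the headers of every generated `del-N` task, so it will be stored with each execution's task data; having the `pyrest` worker attach the credential itself would avoid that, though that worker is not part of this patch and would need checking. In the same lambda, `inputs` and `tasks` are assigned without `var`, and the URL is built by string concatenation where the other tasks use `params`.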
@@ -0,0 +1,343 @@
+{
+ "ownerApp" : "Orchestrator",
+ "name" : "group_created",
+ "createBy" : "Marco Lettere",
+ "description": "Handle workflow related to Portal event group_created",
+ "version" : 1,
+ "ownerEmail" : "marco.lettere@nubisware.com",
+ "inputParameters" : ["user", "group"],
+ "tasks" : [
+ {
+ "name": "LAMBDA_TASK",
+ "taskReferenceName": "init",
+ "type": "LAMBDA",
+ "inputParameters": {
+ "keycloak": "{{ keycloak }}",
+ "keycloak_admin" : "{{ keycloak_admin }}",
+ "clientId" : "${workflow.input.group}",
+ "scriptExpression": "var tree = $.clientId.split('%2F'); return { 'tree' : tree, 'child': tree[tree.length-1], 'append' : tree.slice(0,-1).join('/'), 'name' : tree.join('/')}"
+ }
+ },
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "authorize",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak}/protocol/openid-connect/token",
+ "method" : "POST",
+ "headers" : {
+ "Accept" : "application/json"
+ },
+ "body" : {
+ "client_id" : "orchestrator",
+ "client_secret" : "{{ keycloak_auth }}",
+ "grant_type" : "client_credentials"
+ }
+ }
+ },
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "lookup_user",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/users?username=${workflow.input.user}",
+ "method" : "GET",
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}",
+ "Accept" : "application/json"
+ }
+ }
+ },
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "create_client",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/clients",
+ "body" : {
+ "clientId": "${init.input.clientId}",
+ "name": "${init.output.result.name}",
+ "description": "Client representation for ${init.output.result.name} context",
+ "rootUrl": "http://localhost${init.output.result.name}",
+ "enabled": true,
+ "serviceAccountsEnabled": true,
+ "standardFlowEnabled": true,
+ "authorizationServicesEnabled": true,
+ "publicClient": false,
+ "protocol": "openid-connect"
+ },
+ "method" : "POST",
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}",
+ "Content-Type" : "application/json"
+ }
+ }
+ },
+ {
+ "name" : "fork_join",
+ "taskReferenceName" : "fork_role_creation",
+ "type" : "FORK_JOIN",
+ "forkTasks" : [
+ [{
+ "name" : "pyrest",
+ "taskReferenceName" : "create_role_member",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${create_client.output.headers.location}/roles",
+ "body" : {
+ "clientRole" : true, "name" : "Member", "description" : "Simple membership for ${init.output.result.name}"
+ },
+ "method" : "POST",
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}",
+ "Content-Type" : "application/json"
+ }
+ }
+ },
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "get_back_role_member",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${create_role_member.output.headers.location}",
+ "method" : "GET",
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}",
+ "Accept" : "application/json"
+ }
+ }
+ },
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "create_kc_group",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/groups",
+ "body" : {
+ "name" : "${init.output.result.child}"
+ },
+ "method" : "POST",
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}",
+ "Content-Type" : "application/json"
+ }
+ }
+ },
+ {
+ "name" : "pyrest",
+ "taskReferenceName" : "list_kc_groups",
+ "type" : "SIMPLE",
+ "inputParameters" : {
+ "url" : "${init.input.keycloak_admin}/groups",
+ "method" : "GET",
+ "headers" : {
+ "Authorization" : "Bearer ${authorize.output.body.access_token}",
+ "Accept" : "application/json"
+ }
+ }
+ },
+ {
+ "name": "LAMBDA_TASK",
+ "taskReferenceName": "prepare",
+ "type": "LAMBDA",
+ "inputParameters": {
+ "append" : "${init.output.result.append}",
+ "location" : "${create_kc_group.output.headers.location}",
+ "client_location" : "${create_client.output.headers.location}",
+ "groups" : "${list_kc_groups.output.body}",
+ "scriptExpression": "var newid=$.location.split('/').pop(); var client_id = $.client_location.split('/').pop(); function recurse(inp){for(var i=0;i